Here's an odd one...Is there any way of getting around having to set Service-Type = Administrative-User in order to get the Cisco-AVPair := "shell:priv-lvl=15" to work correctly? The reason I ask is b/c when I set Service-Type = Administrative-User as the DEFAULT in the users file or through a radiusReplyItem: Service-Type := "Administrative-User" in OpenLDAP, the Juniper ERX radiusReplyItem: ERX-Cli-Initial-Access-Level := "5" attribute is ignored and all users log in with priv. level of 10.
Hoeever, when I comment out the Service-Type = Administrative-User in the users file, the Juniper works correctly but am unable to log into the Cisco 29XX devices. Any help certainly appreciated. Robert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html