Hi, I hope someone can help me with that - I dont seem to be able to, after hours of Googling and trying ... :-(
I want to allow an admin to login to a Cisco-box, authenticated via radius and get immediately to privileged level ( so he doesnt have to do a "enable" when he logged in to the box) I have put the following into the 'radgroupreply' table of the MySQL-Database mysql> select * from radgroupreply; +----+-----------+--------------+----+-------------------+ | id | GroupName | Attribute | op | Value | +----+-----------+--------------+----+-------------------+ | 1 | lanmgmt | cisco-avpair | = | shell:priv-lvl=15 | +----+-----------+--------------+----+-------------------+ (For the operator I have already tried ':=') My 'radreply'-table is currently empty The other tables look like this: mysql> select * from radcheck; +----+----------+-----------+----+-------+ | id | UserName | Attribute | op | Value | +----+----------+-----------+----+-------+ | 1 | pudilt | Password | == | 1234 | +----+----------+-----------+----+-------+ 1 row in set (0.00 sec) mysql> select * from radgroupcheck; +----+-----------+-----------+----+-------+ | id | GroupName | Attribute | op | Value | +----+-----------+-----------+----+-------+ | 1 | lanmgmt | Auth-Type | == | Local | +----+-----------+-----------+----+-------+ 1 row in set (0.00 sec) mysql> select * from usergroup; +----------+-----------+----------+ | UserName | GroupName | priority | +----------+-----------+----------+ | pudilt | lanmgmt | 1 | +----------+-----------+----------+ 1 row in set (0.00 sec) Is the 'cisco-avpair' parameter misplaced, or should I look for the error on the CISCO-config (using IOS 12.1)? thanks alot thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
