Simo wrote: > i'm trying to do the authentication of cisco cat switches with the > freeradius. The Authentication works fine, also the authentication of > the enable lvl mode (e.g. $enab15$) and the accounting too (the > configuration is from the freeradius-wiki cisco artical). > But i'm still having a problem with cisco-avpair attribute. I don't know > why shell:priv-lvl=15 doesn't work. I want, that the user will be > directly logged in to the priv-lvl without doing the enable > authentication.
Read the switch documentation to see what RADIUS attributes it expects to see in the response, in order to enable admin login access. > i'm using the Version 1.1.7 of Radius (Debian Package) > and here ist my configuration (i have switched from sql database to > files for debugging ): > > admin Cleartext-Password := "pass" > Service-Type = NAS-Prompt-User, > cisco-avpair = "shell:priv-lvl=15" That doesn't look right. You probably want "Service-Type = Login-User". Again, this is documented in the switch manual. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
