Ivan Kalik wrote: > You need to have a look at switch radius documentation to see which > Service -Type are you suposed to return. Administrative-User?
This is IOS, correct? You need to add 'aaa authorization exec default group radius none' to your config or else the switch will ignore your higher access level attributes. In my experience, you can set either the Service-Type or the cisco av-pair. There is no need to set both. -David Mitchell > > Ivan Kalik > Kalik Informatika ISP > > > Dana 11/7/2008, "Simo" <[EMAIL PROTECTED]> piše: > >> On Fr, 2008-07-11 at 10:38 +0100, Ivan Kalik wrote: >>> Cisco-NAS-Port = "tty2" >> Thnx for your reply. I have setting the NAS-Port to tty2 but i'm still >> having the same Problem. >> And here is the reply of switch (priv=1 was requested): >> >> ďťż04:25:06: AAA: parse name=tty2 idb type=-1 tty=-1 >> 04:25:06: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 >> port=2 channel=0 >> 04:25:06: AAA/MEMORY: create_user (0x80D37CDC) user='' ruser='' >> port='tty2' rem_addr='192.168.178.3' authen_type=ASCII service=LOGIN >> priv=1 >> 04:25:06: AAA/AUTHEN/START (4223102353): port='tty2' list='' >> action=LOGIN service=LOGIN >> 04:25:06: AAA/AUTHEN/START (4223102353): using "default" list >> 04:25:06: AAA/AUTHEN/START (4223102353): Method=radius (radius) >> 04:25:06: AAA/AUTHEN (4223102353): status = GETUSER >> 04:25:11: AAA/AUTHEN/CONT (4223102353): continue_login (user='(undef)') >> 04:25:11: AAA/AUTHEN (4223102353): status = GETUSER >> 04:25:11: AAA/AUTHEN (4223102353): Method=radius (radius) >> 04:25:11: AAA/AUTHEN (4223102353): status = GETPASS >> 04:25:12: AAA/AUTHEN/CONT (4223102353): continue_login (user='admin') >> 04:25:12: AAA/AUTHEN (4223102353): status = GETPASS >> 04:25:12: AAA/AUTHEN (4223102353): Method=radius (radius) >> 04:25:12: AAA/AUTHEN (4223102353): status = PASS >> >> thnx for help >> Simo >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ----------------------------------------------------------------- | David Mitchell ([EMAIL PROTECTED]) Network Engineer IV | | Tel: (303) 497-1845 National Center for | | FAX: (303) 497-1818 Atmospheric Research | ----------------------------------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
