Also getting the following on the switch log:

19:23:13: tty2 AAA/AUTHOR/EXEC (4066001896): send AV service=shell

I am all but certain this is a self-inflicted wound. At least those are easier to fix once their nature is known. I currently have no attributes in my openldap tree populated... will eventually add a group filter when I get this authorization piece working. Could the problem be ldap-related or switch or ??? I'm stumped. I can't imagine no one has dealt with this before.

Alan DeKok wrote:
> Jeff Davis wrote:
> > Sorry - I'm a n00b to this project.
> > Trying to get OpenLDAP-based authentication working (well the auth DOES work) but cannot seem to get authorization working. Googling has so far failed me. Perhaps someone on this list can clue me in...
>
> Have you run the server in debug mode as suggested in the FAQ, README, "man" page, etc..?
>
> > users file has the following:
> >
> > DEFAULT Service-Type == NAS-Prompt-User
> >         Service-Type := NAS-Prompt-User,
> >         Cisco-AVPair += "shell:priv-lvl=15"
>
> If those attributes are being sent back to the NAS, then fix the NAS so that it follows the instructions sent by the RADIUS server.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Jefferson K Davis
Technology & Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA 93308 USA
661.392.2110 ext 120