Also getting the following on the switch log:

19:23:13: tty2 AAA/AUTHOR/EXEC (4066001896): send AV service=shell
19:23:13: tty2 AAA/AUTHOR/EXEC (4066001896): send AV cmd*
19:23:13: tty2 AAA/AUTHOR/EXEC (4066001896): found list "default"
19:23:13: tty2 AAA/AUTHOR/EXEC (4066001896): Method=radius (radius)
19:23:13: RADIUS: no appropriate authorization type for user.

I am all but certain this is a self-inflicted wound.  At least those are easier to fix once their nature is known.

I currently have no attributes in my openldap tree populated... will eventually add a group filter when I get this authorization piece working.  Could the problem be ldap-related or switch or ???  I'm stumped.  I can't imagine no one has dealt with this before.

Alan DeKok wrote:
> Jeff Davis wrote:
>> Sorry - I'm a n00b to this project.
>>
>> Trying to get OpenLDAP-based authentication working (well the auth DOES
>> work) but cannot seem to get authorization working.
>>
>> Googling has so far failed me.  Perhaps someone on this list can clue me
>> in...
>
>   Have you run the server in debug mode as suggested in the FAQ, README,
> "man" page, etc..?
>
>> users file has the following:
>>
>> DEFAULT Service-Type == NAS-Prompt-User
>>        Service-Type := NAS-Prompt-User,
>>        Cisco-AVPair += "shell:priv-lvl=15"
>
>   If those attributes are being sent back to the NAS, then fix the NAS
> so that it follows the instructions sent by the RADIUS server.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Jefferson K Davis
Technology & Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA  93308
USA
661.392.2110 ext 120
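
A simplified model of how the users-file entry quoted above is evaluated, added here as an illustration (it is not FreeRADIUS code and not from the thread): the `==` item on the first line is a check against the Access-Request, so the two reply attributes are returned only when the request itself carries Service-Type = NAS-Prompt-User. The function names and the request dictionaries are constructed for the example, and only the `==`, `:=` and `+=` operators are modelled.

```python
# Simplified model of FreeRADIUS "users" file evaluation for one entry.
# Assumption: attribute values are plain strings; DEFAULT matches any user name.

# The entry from the thread: one check item, two reply items.
ENTRY = {
    "name": "DEFAULT",
    "check": [("Service-Type", "==", "NAS-Prompt-User")],
    "reply": [("Service-Type", ":=", "NAS-Prompt-User"),
              ("Cisco-AVPair", "+=", "shell:priv-lvl=15")],
}

def entry_matches(entry, request):
    """Each '==' check item must be present in the request with that value."""
    return all(value in request.get(attr, [])
               for attr, op, value in entry["check"] if op == "==")

def build_reply(entry, request):
    """Return the reply attributes the entry contributes, or {} if no match."""
    reply = {}
    if not entry_matches(entry, request):
        return reply
    for attr, op, value in entry["reply"]:
        if op == ":=":      # set the attribute, replacing any existing value
            reply[attr] = [value]
        elif op == "+=":    # append another instance of the attribute
            reply.setdefault(attr, []).append(value)
    return reply

def exec_authz_attrs_present(reply):
    """True if the reply carries both attributes the entry is meant to send."""
    return ("Service-Type" in reply and
            any(v.startswith("shell:priv-lvl=")
                for v in reply.get("Cisco-AVPair", [])))

# Constructed Access-Request attribute sets (not captured from the thread).
REQ_WITH_SERVICE_TYPE = {"User-Name": ["testuser"],
                         "Service-Type": ["NAS-Prompt-User"]}
REQ_WITHOUT_SERVICE_TYPE = {"User-Name": ["testuser"]}
REQ_OTHER_SERVICE_TYPE = {"User-Name": ["testuser"],
                          "Service-Type": ["Login-User"]}

if __name__ == "__main__":
    for label, req in [("with Service-Type", REQ_WITH_SERVICE_TYPE),
                       ("without Service-Type", REQ_WITHOUT_SERVICE_TYPE),
                       ("other Service-Type", REQ_OTHER_SERVICE_TYPE)]:
        reply = build_reply(ENTRY, req)
        print(label, reply, exec_authz_attrs_present(reply))
```

In debug-mode output from the server, the same comparison can be made by hand: check which attributes arrive in the Access-Request and which are listed in the Access-Accept.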