freerad...@corwyn.net wrote: ... > Add to top of ./raddb/users: > > DEFAULT Ldap-Group == "UserGroup",Service-Type = > NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"
Are you sure that is correct? > If I removing authorization from the Cisco config to: > no aaa authorization exec default group radius none > > and then I can log in. > > At the top of ./users: > rsteeves Cleartext-Password := "xxx" > Service-Type = NAS-Prompt-User, > cisco-avpair = "shell:priv-lvl=15" Why does that entry look so different from the previous one? See "man users" for documentation on the format, and how it works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html