Wagner Pereira <wpere...@pop-sp.rnp.br> wrote:
>
> Thanks for cheered my model. It's updated now:
> http://twitpic.com/rumfq/full
>
> Should I write these lines
>
> DEFAULT NAS-Identifier == switch, LDAP-Group == netref
>         Service-Type = NAS-Prompt-User, Cisco-AVPair = "shell:priv-lvl=15"
>
> in clients.conf file?
>
This is to go in the 'users' file and called from your 'authorize { }' section typically with 'files'.

http://wiki.freeradius.org/CONFIGURATION_FILES#USERS

> By the way, this line
>
> aaa authentication login default group radius local
>
> that I have written in my Cisco IOS grants my log into it, I guess.
>
Should probably be:
----
aaa authentication login ssh local group radius
aaa authorization exec default local group radius
aaa authorization exec console none
aaa accounting exec default start-stop group radius
----

Then that way the *local* database of user(s) on the switch is consulted first.

Cheers

-- 
Alexander Clouter
.sigmonster says: People don't change; they only become more so.