On May 5, 2011, at 4:47 AM, Darren Shaw wrote:

> Hello David,
>
> Thanks for the syntax. Sadly this still does not work. The free radius server
> will authenticate me as a user but the 5K wants me as an operator and not
> admin.
>
> If you have the 5K working, could I be cheeky and ask if you could mail me
> the radius config on your 5K

There isn't anything in the radius config that enables this as far as I can tell. Do you have a local account on the 5K? That might override the info from the RADIUS server. Run the command 'show user-account' after logging in. For me, it indicates that the account was created via remote authentication. I assume you have run the radius server in debug mode to verify that the attributes are actually in the access accept packets sent back to the switch?

-David Mitchell

>
> thanks
>
> Rgds
> Darren Shaw
> The Network Team
> Computing Services
> University of Huddersfield
> Queensgate
> Huddersfield
> HD1 3DH
>
> TEL: 01484 471317
> MOBILE: 07792 773807
>
> -----Original Message-----
> From: freeradius-users-bounces+d.shaw=hud.ac...@lists.freeradius.org
> [mailto:freeradius-users-bounces+d.shaw=hud.ac...@lists.freeradius.org] On
> Behalf Of David Mitchell
> Sent: 04 May 2011 15:14
> To: FreeRadius users mailing list
> Subject: Re: Nexus Configurations
>
> On May 4, 2011, at 4:48 AM, Darren Shaw wrote:
>
>> Good Morning
>>
>> I am new to this forum and to the workings of FreeRadius and I have a query
>> around the Cisco Nexus family.
>>
>> Currently we have all our switches and routers authenticating to FreeRadius
>> and all seems to be working. The problem comes when I want to authenticate
>> my Nexus 7K and 5K's. The 7Ks and 5Ks will authenticate me but the Nexus
>> puts me in an operator role and not in an administrator's role.
>>
>> According to Cisco I have to place the following into
>>
>> /usr/local/etc/raddb/sites-available/default
>>
>> Cisco-AVPair = "shell:roles=\"network-operator vdc-admin\""
>> Cisco-AVPair = "shell:roles*\"network-operator vdc-admin\""
>> Cisco-AVPair = "shell:roles=\"network-admin vdc-admin\""
>> Cisco-AVPair = "shell:roles*\"network-admin\""
>
> This is what I'm adding to the replies for Nexus 5K's. I don't have any 7K's
> but I'd be surprised if they were any different.
> I have not tried to send two roles so I can't
> confirm the syntax for that.
>
> Cisco-AVPair += "shell:roles=network-admin",
> Service-Type := Administrative-User,
>
> -David Mitchell
>
>>
>> The current service type is = Administrative-User
>>
>> I have tried each AVPair and nothing works. Has anyone else had this issue?
>>
>> If anyone has any advice I would be really grateful.
>>
>> Thanks
>>
>> Rgds
>> Darren Shaw
>>
>> ---
>> This transmission is confidential and may be legally privileged. If you
>> receive it in error, please notify us immediately by e-mail and remove it
>> from your system. If the content of this e-mail does not relate to the
>> business of the University of Huddersfield, then we do not endorse it and
>> will accept no liability.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -----------------------------------------------------------------
> | David Mitchell (mitch...@ucar.edu)    Network Engineer IV     |
> | Tel: (303) 497-1845                   National Center for     |
> | FAX: (303) 497-1818                   Atmospheric Research    |
> -----------------------------------------------------------------
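
The reply above asks whether the attributes were confirmed in the Access-Accept while the server ran in debug mode. As an added example (not code from this thread or from the FreeRADIUS project), the Python below scans debug text for Access-Accept replies and reports the `shell:roles` value each one carries. The debug line layout, the constructed `SAMPLE_DEBUG` text and the function names are assumptions; adjust the patterns to what your server prints.

```python
import re
# Constructed sample, laid out like FreeRADIUS debug output; not from a real server.
SAMPLE_DEBUG = r'''
Sending Access-Accept of id 41 to 192.0.2.10 port 1645
    Cisco-AVPair = "shell:roles=network-admin"
    Service-Type = Administrative-User
Sending Access-Accept of id 42 to 192.0.2.11 port 1645
    Service-Type = Administrative-User
Sending Access-Accept of id 43 to 192.0.2.12 port 1645
    Cisco-AVPair = "shell:roles*\"network-operator vdc-admin\""
'''

ACCEPT = re.compile(r'^Sending Access-Accept of id (\d+) to (\S+) port \d+')
ATTR = re.compile(r'^\s+([\w-]+)\s*[:+]?=\s*(.*)$')
ROLES = re.compile(r'^shell:roles([=*])(.*)$')

def parse_accepts(text):
    """Return one {'id', 'nas', 'attrs'} dict per Access-Accept found in text."""
    replies, current = [], None
    for line in text.splitlines():
        header = ACCEPT.match(line)
        if header:
            current = {'id': int(header.group(1)), 'nas': header.group(2), 'attrs': []}
            replies.append(current)
        elif current is not None and line[:1].isspace():
            attr = ATTR.match(line)
            if attr:
                current['attrs'].append((attr.group(1), attr.group(2).strip()))
        else:
            current = None  # any other packet or log line ends the reply
    return replies

def shell_roles(attrs):
    """Return (roles, mandatory) for each Cisco-AVPair that carries shell:roles."""
    found = []
    for name, value in attrs:
        if name == 'Cisco-AVPair' and value[:1] == value[-1:] == '"':
            value = value[1:-1].replace('\\"', '"')  # undo the outer quoting
        m = ROLES.match(value) if name == 'Cisco-AVPair' else None
        if m:  # '=' marks a mandatory AV pair, '*' an optional one
            found.append((m.group(2).strip('"').split(), m.group(1) == '='))
    return found

def audit(text):  # (NAS address, packet id) -> roles that reply would hand the switch
    return {(r['nas'], r['id']): shell_roles(r['attrs']) for r in parse_accepts(text)}

if __name__ == '__main__':
    for (nas, pid), roles in audit(SAMPLE_DEBUG).items():
        print(nas, pid, roles or 'no shell:roles in Access-Accept')
```

An empty list for a reply means the Access-Accept carried no `shell:roles` pair at all, which points at the server-side reply configuration and not at the switch.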