On Fri, 2012-10-12 at 09:13 +0200, Ruben Blendeman wrote: > Hi, > > I want assign different privileges to users, these are my users: > > admin Cleartext-Password := "admin" > cisco-avpair = "shell:priv-lvl=15" > > > > user1 Cleartext-Password := "user1" > cisco-avpair = "shell:priv-lvl=10" > > > > user2 Cleartext-Password := "user2" > cisco-avpair = "shell:priv-lvl=11" > > > But if I configure a privilege on my cisco switch on level 10, all my > users have the same rights. > If I debug on my switch, my user1 is not in priv lvl 10.. > Any idea how to fix it?
Have you seen the Wiki? http://wiki.freeradius.org/vendor/Cisco#Shell-Access You're not sending a "Service-Type" attribute to the switch, according to Cisco[0], it's required to send the "shell:priv-lvl=" attribute with a corresponding "Service-Type" attribute. (It might work on later versions of IOS without the latter attribute though). [0] http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a0080178a51.shtml -- Øystein Gyland - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html