The two things I have changed to get it working are:

in users:
DEFAULT Auth-Type := LDAP
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15",
        Fall-Through = 1


and added on the switch:

aaa authorization exec default group radius local
aaa authorization network default group radius local


Next - ldapgroupfilter.

I have a group of users called "radiususers" - and the following in radiusd.conf:

groupname_attribute = cn
groupmembership_filter = (&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))


and in users:

DEFAULT LDAP-Group == radiususers
                Service-Type = Administrative-User


But any ldap user can still log in regardless of group membership.

Where am I screwing up?

Thanks,

-Jeff


Ivan Kalik wrote:
19:23:13: RADIUS: no appropriate authorization type for user.

I am all but certain this is a self-inflicted wound.
    

It is. Have a look at your aaa configuration. Do you see an authorization
line anywhere?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  

-- 
Jefferson K Davis
Technology & Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA  93308
USA
661.392.2110 ext 120
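
An added example, not part of the original message: a simplified Python model of how the `users` file entries quoted above are evaluated, showing that a non-matching `LDAP-Group ==` entry is only skipped and never rejects anyone. The group lookup is reduced to a set on the request, the LDAP bind is assumed to succeed, and the `HARDENED` reject entry is an assumed fix that does not come from the thread.

```python
# Added illustration: simplified model of how the `users` file is walked.
# An entry is (check, control_items, reply_items, fall_through).
ALWAYS = lambda req: True

def in_group(name):
    return lambda req: name in req["ldap_groups"]

def not_in_group(name):
    return lambda req: name not in req["ldap_groups"]

# The two entries from the message, in file order.
POSTED = [
    # DEFAULT Auth-Type := LDAP ... Fall-Through = 1
    (ALWAYS, {"Auth-Type": "LDAP"},
     {"Service-Type": "NAS-Prompt-User", "cisco-avpair": "shell:priv-lvl=15"}, True),
    # DEFAULT LDAP-Group == radiususers
    (in_group("radiususers"), {}, {"Service-Type": "Administrative-User"}, False),
]

# Assumed fix (not from the thread): reject non-members before anything else.
# users-file form: DEFAULT LDAP-Group != "radiususers", Auth-Type := Reject
HARDENED = [(not_in_group("radiususers"), {"Auth-Type": "Reject"}, {}, False)] + POSTED

def authorize(entries, request):
    control, reply = {}, {}
    for check, control_items, reply_items, fall_through in entries:
        if not check(request):
            continue                      # a non-matching entry is skipped, nothing more
        control.update(control_items)     # ":=" overwrites the control item
        for attr, value in reply_items.items():
            reply.setdefault(attr, value) # "=" adds only if the attribute is absent
        if not fall_through:
            break
    return control, reply

def outcome(entries, request):
    """Return (packet type, reply attributes); assumes the LDAP bind succeeds."""
    control, reply = authorize(entries, request)
    if control.get("Auth-Type") == "Reject":
        return "Access-Reject", {}
    return "Access-Accept", reply

# Constructed sample requests.
MEMBER = {"User-Name": "alice", "ldap_groups": {"radiususers"}}
OUTSIDER = {"User-Name": "bob", "ldap_groups": {"staff"}}

if __name__ == "__main__":
    for name, entries in (("posted", POSTED), ("hardened", HARDENED)):
        for req in (MEMBER, OUTSIDER):
            print(name, req["User-Name"], outcome(entries, req))
```

With the posted entries the non-member is accepted and still receives `shell:priv-lvl=15` from the first DEFAULT; with the reject entry in front, only the group member gets through.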