The two things I have changed to get it working are:

in users:

    DEFAULT Auth-Type := LDAP
            Service-Type = NAS-Prompt-User,
            cisco-avpair = "shell:priv-lvl=15",
            Fall-Through = 1

and added on the switch:

    aaa authorization exec default group radius local
    aaa authorization network default group radius local

Next - ldapgroupfilter. I have a group of users called "radiususers" - and the following in radiusd.conf:

    groupname_attribute = cn
    groupmembership_filter = (&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))

and in users:

    DEFAULT LDAP-Group == radiususers
            Service-Type = Administrative-User

But any ldap user can still login regardless of group membership. Where am I screwing up?

Thanks,
-Jeff

Ivan Kalik wrote:
>> 19:23:13: RADIUS: no appropriate authorization type for user.
>> I am all but certain this is a self-inflicted wound.
>
> It is. Have a look at your aaa configuration. Do you see an authorization line anywhere?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Jefferson K Davis
Technology & Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA 93308 USA
661.392.2110 ext 120
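The two users entries from the message above, run through a simplified model of users-file matching. This is an added example, not part of the original message and not FreeRADIUS code. It assumes the LDAP bind itself succeeds; the group name "staff" and the `HARDENED` reject entry are constructed here as one possible fix.

```python
# Simplified model of top-down users-file evaluation (illustrative only).
# Entry = (comparison checks, control assignments, reply items, fall_through)

POSTED = [
    # DEFAULT Auth-Type := LDAP ... Fall-Through = 1  (no comparison: matches everyone)
    ({}, {"Auth-Type": "LDAP"},
     {"Service-Type": "NAS-Prompt-User", "cisco-avpair": "shell:priv-lvl=15"}, True),
    # DEFAULT LDAP-Group == radiususers  (only adds a reply item, never rejects)
    ({"LDAP-Group": ("==", "radiususers")}, {},
     {"Service-Type": "Administrative-User"}, False),
]

# Assumed fix, placed first so it is evaluated before the catch-all entry:
#   DEFAULT LDAP-Group != radiususers, Auth-Type := Reject
HARDENED = [
    ({"LDAP-Group": ("!=", "radiususers")}, {"Auth-Type": "Reject"}, {}, False),
] + POSTED


def matches(checks, groups):
    """An entry matches only if every comparison check item holds."""
    for _attr, (op, value) in checks.items():
        member = value in groups          # LDAP-Group is a membership test
        if (op == "==") != member:
            return False
    return True


def evaluate(entries, groups):
    """Return (accepted, reply attributes) for a user in the given LDAP groups."""
    control, reply = {}, {}
    for checks, assigns, replies, fall_through in entries:
        if not matches(checks, groups):
            continue
        control.update(assigns)           # ':=' sets/replaces the control item
        for attr, value in replies.items():
            reply.setdefault(attr, value) # '=' adds only if not already present
        if not fall_through:
            break                         # first match wins without Fall-Through
    accepted = control.get("Auth-Type") == "LDAP"
    return accepted, (reply if accepted else {})


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("hardened", HARDENED)):
        for groups in ({"staff"}, {"radiususers"}):
            print(name, sorted(groups), evaluate(rules, groups))
```

With the posted entries a user outside "radiususers" is still accepted with `shell:priv-lvl=15`, because the first DEFAULT matches every request and nothing later rejects it.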