Hi Mike, I've been browsing through the emails in this thread for all occurrence of authorization and came upon your email. What happens when you debug aaa, radius and authorization? Do you see something like in the outputs ?
RADIUS: Cisco AVpair [1] 18 "shell:priv-lvl=12" Eugene From: Mike Rojas <[email protected]<mailto:[email protected]>> Date: Sat, 17 Mar 2012 17:49:45 -0600 To: <[email protected]<mailto:[email protected]>> Subject: [OSL | CCIE_Security] Shell Exec Authorization with Radius So here is something else that I find really concerning. There was an exercise that said... authorize user Blah and make you sure that the user falls into privilege level 12. Do not change anything on the group. So I figured that it has to do with the Cisco AV pair boxes under the ACS right..... So I didnt really remember the command to put the user on the privilege... Out of the hand, I remembered that was something like: priv-lvl=12 Test it and it worked fine. However, on the solution, the correct command is: shell:priv-lvl=12 Any Idea why it worked if the Attribute value was not with the right syntax? (By the way, the user showed the privilege fine, and if I removed it, the user never got into the exec mode) Mike _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
