Here is a copy from a mail I sent to someone else with the same question.
Your options are to do it like I described below or, when you have a somewhat bigger router (2600 and up I believe), you can use AV-pairs.
Add a:
aaa authentication enable default radius enable
to your Cisco config.
Serge Maandag.
-----Original Message-----
From: Serge Maandag
Sent: Wednesday 3 October 2001 10:15
To: '[EMAIL PROTECTED]'
Subject: RE: cisco config
Make sure your dictionary file says "$INCLUDE dictionary.cisco", config the Cisco router with something like:
radius-server host <radius ip> auth-port 1812 acct-port 1813
radius-server retransmit 2
radius-server deadtime 2
radius-server key <radius key>
Config some routers in the client file:
client 192.168.1.1 {
    secret = <radius key>
    shortname = bla1
}
client 192.168.1.2 {
    secret = <radius key>
    shortname = bla2
}
Config a user in the users file:
##### The following entry is for user: Matthew ####
matthew Password == "secret1"
        Auth-Type = Accept

$enab15$ Service-type == Administrative-User, Password == "secret1"
        Reply-Message = " Welcome to Exec-mode, Matthew. All rights granted.",
        Auth-Type = Accept
The $enab15$ is sent by some Cisco boxes / IOS versions as user for enable authentication.
And run radiusd with the -X option to see what happens.
That should give you a starting point.
Serge.
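
Added example, not part of the original mail: a sketch of the Access-Request behind the $enab15$ entry above, built and decoded per RFC 2865, to show which attributes the users file is matched against and why a mismatched shared secret turns the password into garbage in the radiusd -X output. The shared secret "testing123", the fixed authenticator and all function names are constructed for illustration.

```python
import hashlib, os, struct

USER_NAME, USER_PASSWORD, SERVICE_TYPE = 1, 2, 6  # RFC 2865 attribute types
ADMINISTRATIVE_USER = 6  # Service-Type value the $enab15$ entry matches on

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with chained MD5(secret + previous)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: reverse the hiding; a wrong shared secret yields garbage."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_enable_request(password, secret, ident=1, authenticator=None):
    """Access-Request (code 1) as a router would send it for 'enable'."""
    authenticator = authenticator or os.urandom(16)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (USER_NAME, b"$enab15$"),
        (USER_PASSWORD, hide_password(password, secret, authenticator)),
        (SERVICE_TYPE, struct.pack("!I", ADMINISTRATIVE_USER))))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_request(packet, secret):
    """Decode the attributes; User-Password is unhidden with the client secret."""
    if len(packet) < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, out = packet[4:20], 20, {}
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        t, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        out[t] = unhide_password(value, secret, authenticator) if t == USER_PASSWORD else value
    return out

if __name__ == "__main__":
    pkt = build_enable_request(b"secret1", b"testing123")  # constructed sample values
    print(parse_request(pkt, b"testing123"))  # secret matches the client entry
    print(parse_request(pkt, b"wrongkey"))    # secret mismatch: password is garbage
```
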
