Guys,
We are trying to allow users to authenticate to Cisco 26xx routers using
FreeRADIUS with the rlm_ldap module (OpenLDAP). We would like some of
these users to be able to log in with enable privileges. The following
is what we have done to try this, to no avail. The following is a
sample LDIF entry:

#################################################################
dn: uid=homer, ou=people, dc=test, dc=net
objectclass: person
objectclass: radiusprofile
objectclass: uidObject
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: extensibleObject
cn: Homer Simpson
sn: Simpson
loginShell: /bin/bash
userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
uidnumber: 2001
gidnumber: 20
homeDirectory: /home/homer
uid: homer
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
radiusAuthType: LDAP
radiusReplyItem: Juniper-Local-User-Name := tier1
radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
#################################################################

The following is what we have on the router:

#################################################################
aaa new-model
aaa authentication login default group radius enable
aaa authorization exec default group radius

enable secret password

radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server key testing123
#################################################################

What else are we missing? Any help would be appreciated.

Robert

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html