On Tue, Jul 20, 2004 at 12:49:55PM +1000, Paul Hampson wrote: > On Mon, Jul 19, 2004 at 08:05:28PM -0500, Robert Banniza wrote: > > I'm trying to set the Cli-Initial-Access-Level on a Juniper E-Series. > > However, the Juniper is not understanding: > > > radiusReplyItem: ERX-Cli-Initial-Access-Level := "5" > > > With that said, I have looked at > > http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-broadband/html/radius-attributes.html > > and they state that the attribute is Juniper-Initial-CLI-Access-Level > > which is not being picked up either. I therefore tried > > Unisphere-Init-CLI-Access-Level which was not found as well. No matter > > which of these attributes I try, the initial login is always set to a > > privilege level of 10. However, I also have: > > > radiusReplyItem: ERX-Alternate-Cli-Access-Level := "15" > > > This attribute is found and works accordingly after logging in and > > issuing a 'enable 15'. > > > Anyone have any ideas as to what the attribute name should be called for > > the Initial CLI Access Level? I have been stumped on this for two weeks > > now and have googled and searched everything. > > Looking at that webpage, VSA 18 is the one you want. > "Juniper-Initial-CLI-Access-Level" > In FreeRADIUS's dictionary.ERX, that's > "ERX-Cli-Initial-Access-Level" > > So in short, that should work fine. >_< > > Raise it with your vendor?
This we have done. They mentioned that Unisphere-Init-CLI-Access-Level should work as well as ERX-Cli-Initial-Access-Level or Juniper-Initial-CLI-Access-Level. What I don't understand is how the Juniper is able to parse the three (as they are different names) and understand them. I do not have anything in ldap.attrmap that maps one to the other. Robert > > -- > Paul "TBBle" Hampson, on an alternate email client. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
