On Wed, 12 Jan 2005, Costas Christonis wrote: > GC> Hello, > > GC> Costas Christonis wrote: > >> Hi to all, > >> i'm trying to set the telnet access to my users through radius and ldap > >> server. > >> What i did untill now is that everyone tha has the attribute > >> "Service-type" with the value "exec-user" can telnet to my cisco > >> switches and routers in privilege level 5. > >> I insert the attribute "Ciscoavpair" with the value > >> "exec:priv-lvl=0" or with the value "exec:privilege-level=0" but > >> nothing happens, everyone can telnet to my switches and logon > >> privilege level 5. > > GC> It's called Cisco-AVPair not CiscoAVPair. > > >> Can anyone help me? > >> > >> > >> > >> > >> > >> > >> > >> Best regards > > GC> Best Regards, > > > Yes that's correct but in LDAP the attribut is radiusciscovapair anyway > is that right? so i don't think tha the problem is that... >
do you have ldap.attrmap setup to map Cisco-AVPAir to radiusciscovapair as a reply item? What are you actually sending back in your reply? Radiusd -X will show you that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html