Hi Alan, >> So the Cisco DOES receive the attributes in the reply packet, but obviously >> ignores them?? > >what does your CISCO IOS config look like for radius ? It appears that you may >only have the authentication line and not the authorization line...eg > >aaa new-model >aaa authentication login default radius local >aaa authorization exec default radius local
Shame on me!! Seems I dont really understand how Cisco handles all this Authorization/Authentication :-(( Adding the "authorization"-line as you suggested did the job! (I assumed this would not be necessary since the Reply attribute would automatically put the user in privileged mode...) Thanks a lot for your help! thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
