Have you configured that priv level? Only 1 and 15 are configured by default.
Ivan Kalik Kalik Informatika ISP Dana 4/3/2008, "David Bell" <[EMAIL PROTECTED]> piše: >Hi folks, same david Bell, different email address :) > >Well I now have RADIUS and Cisco working pretty much as I want. > >However it seems to be passing the AVPair stuff back, but the Cisco doesnt >seem to recognise it. > >Where have I gone wrong. > >My Users file has the following > >DEFAULT Ldap-Group == "SMC7", Auth-Type := Accept > Reply-Message = "You now have level 7 access as part of the SMC >Group\n", > cisco-avpair = "shell:priv-lvl=7" > >When I log in I see freeRADIUS reply with the relevent parts > >++[ldap] returns ok >++[expiration] returns noop >++[logintime] returns noop >rlm_pap: Found existing Auth-Type, not changing it. >++[pap] returns noop > rad_check_password: Found Auth-Type Accept > rad_check_password: Auth-Type = Accept, accepting the user >Login OK: [bob/pass1] (from client 212.95.252.0/24 port 0) >Sending Access-Accept of id 10 to 212.95.252.25 port 39111 > Reply-Message = "You now have level 7 access as part of the SMC >Group\n" > Cisco-AVPair = "shell:priv-lvl=7" >Finished request 0. >Going to the next request >Waking up in 0.9 seconds. >Waking up in 4.0 seconds. >Cleaning up request 0 ID 10 with timestamp +7 >Ready to process requests. > >With verbose RADIUS debugging on the Cisco > >Username: bob >Password: >You now have level 7 access as part of the SMC Group > > >Switch> >16:10:20: RADIUS: Pick NAS IP for u=0x3C8D5F8 tableid=0 cfg_addr=0.0.00 >16:10:20: RADIUS: ustruct sharecount=1 >16:10:20: Radius: radius_port_info() success=1 radius_nas_port=1 >16:10:20: RADIUS: added cisco VSA 2 len 4 "tty0" >16:10:20: RADIUS: Received from id 1645/10 212.95.255.242:1812, >Access-Accept, len 99 >16:10:20: RADIUS: saved authorization data for user 3C8D5F8 at 3CD2348 > >When I ask the cisco for the current privilege level > >Switch>show priv >Current privilege level is 1 > >Anyone got any pointers? > >David > > > > > > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
