It should be in the request. Post the whole debug with the request.

Ivan Kalik
Kalik Informatika ISP

On 4/3/2008, "David Bell" <[EMAIL PROTECTED]> wrote:

>Added that, no difference.
>
>How do I put it in the request too?
>
>Thanks
>
>David
>
>-----Original Message-----
>From: Ivan Kalik [mailto:[EMAIL PROTECTED]
>Sent: 04 March 2008 10:35
>To: FreeRadius users mailing list
>Subject: RE: Cisco AVpairs again.
>
>
>Ah, there is no Service-Type in your reply. It should be Service-Type =
>NAS-Prompt-User. Service type should be in the request too so make sure
>it is this one.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 4/3/2008, "David Bell" <[EMAIL PROTECTED]> wrote:
>
>>Thanks for the reply Ivan - sorry to keep dragging this up.
>>
>>I have another user configured as lvl 15 - here's the output from freeRADIUS
>>
>>Login OK: [tom/pass1] (from client 212.95.252.0/24 port 0)
>>Sending Access-Accept of id 13 to 212.95.252.25 port 43419
>>        Reply-Message = "You now have level 15 access as part of the SMC
>>Group\n"
>>        Cisco-AVPair = "shell:priv-lvl=15"
>>Finished request 1.
>>
>>And on the Cisco
>>
>>Username: tom
>>Password:
>>You now have level 15 access as part of the SMC Group
>>
>>
>>Switch>
>>16:46:33: RADIUS: Pick NAS IP for u=0x3C8D3A0 tableid=0 cfg_addr=0.0.00
>>16:46:33: RADIUS: ustruct sharecount=1
>>16:46:33: Radius: radius_port_info() success=1 radius_nas_port=1
>>16:46:33: RADIUS: added cisco VSA 2 len 4 "tty0"
>>16:46:33: RADIUS: Received from id 1645/13 212.95.255.242:1812,
>>Access-Accept, len 101
>>16:46:33: RADIUS: saved authorization data for user 3C8D3A0 at 3D46150
>>Switch>sh priv
>>Current privilege level is 1
>>
>>Here's the AAA config of the Cisco
>>
>>aaa new-model
>>aaa authentication login default group radius local
>>aaa authentication login radius-login group radius local
>>aaa authorization exec default none
>>aaa authorization network default group radius none
>>
>>and the RADIUS config
>>
>>radius-server host 212.95.255.242 auth-port 1812 acct-port 1813 timeout 3
>>retransmit 3 key testing
>>radius-server source-ports 1645-1646
>>radius-server vsa send accounting
>>radius-server vsa send authentication
>>
>>Thanks again
>>
>>David
>>
>>
>>-----Original Message-----
>>From: Ivan Kalik [mailto:[EMAIL PROTECTED]
>>Sent: 04 March 2008 09:58
>>To: FreeRadius users mailing list
>>Subject: Re: Cisco AVpairs again.
>>
>>
>>Have you configured that priv level? Only 1 and 15 are configured by
>>default.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>On 4/3/2008, "David Bell" <[EMAIL PROTECTED]> wrote:
>>
>>>Hi folks, same David Bell, different email address :)
>>>
>>>Well I now have RADIUS and Cisco working pretty much as I want.
>>>
>>>However it seems to be passing the AVPair stuff back, but the Cisco doesn't
>>>seem to recognise it.
>>>
>>>Where have I gone wrong?
>>>
>>>My Users file has the following
>>>
>>>DEFAULT Ldap-Group == "SMC7", Auth-Type := Accept
>>>        Reply-Message = "You now have level 7 access as part of the SMC
>>>Group\n",
>>>        cisco-avpair = "shell:priv-lvl=7"
>>>
>>>When I log in I see freeRADIUS reply with the relevant parts
>>>
>>>++[ldap] returns ok
>>>++[expiration] returns noop
>>>++[logintime] returns noop
>>>rlm_pap: Found existing Auth-Type, not changing it.
>>>++[pap] returns noop
>>>  rad_check_password:  Found Auth-Type Accept
>>>  rad_check_password: Auth-Type = Accept, accepting the user
>>>Login OK: [bob/pass1] (from client 212.95.252.0/24 port 0)
>>>Sending Access-Accept of id 10 to 212.95.252.25 port 39111
>>>        Reply-Message = "You now have level 7 access as part of the SMC
>>>Group\n"
>>>        Cisco-AVPair = "shell:priv-lvl=7"
>>>Finished request 0.
>>>Going to the next request
>>>Waking up in 0.9 seconds.
>>>Waking up in 4.0 seconds.
>>>Cleaning up request 0 ID 10 with timestamp +7
>>>Ready to process requests.
>>>
>>>With verbose RADIUS debugging on the Cisco
>>>
>>>Username: bob
>>>Password:
>>>You now have level 7 access as part of the SMC Group
>>>
>>>
>>>Switch>
>>>16:10:20: RADIUS: Pick NAS IP for u=0x3C8D5F8 tableid=0 cfg_addr=0.000
>>>16:10:20: RADIUS: ustruct sharecount=1
>>>16:10:20: Radius: radius_port_info() success=1 radius_nas_port=1
>>>16:10:20: RADIUS: added cisco VSA 2 len 4 "tty0"
>>>16:10:20: RADIUS: Received from id 1645/10 212.95.255.242:1812,
>>>Access-Accept, len 99
>>>16:10:20: RADIUS: saved authorization data for user 3C8D5F8 at 3CD2348
>>>
>>>When I ask the Cisco for the current privilege level
>>>
>>>Switch>show priv
>>>Current privilege level is 1
>>>
>>>Anyone got any pointers?
>>>
>>>David
>>>
>>>-
>>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
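
An added example, not part of the original thread and not FreeRADIUS or Cisco code: a check over FreeRADIUS debug output that flags every Access-Accept carrying shell:priv-lvl without the Service-Type = NAS-Prompt-User that Ivan asks for. The second sample reply (id 14) and both function names are constructed; exec_authorization_method rests on general Cisco IOS behaviour (shell:priv-lvl is applied during exec authorization), which the thread itself does not state.

```python
import re

# Constructed sample shaped like the debug output quoted in the thread;
# the second Access-Accept (id 14) is invented to show a reply with Service-Type.
SAMPLE_DEBUG = """\
Sending Access-Accept of id 13 to 212.95.252.25 port 43419
    Reply-Message = "You now have level 15 access as part of the SMC Group\\n"
    Cisco-AVPair = "shell:priv-lvl=15"
Finished request 1.
Sending Access-Accept of id 14 to 212.95.252.25 port 43420
    Service-Type = NAS-Prompt-User
    Cisco-AVPair = "shell:priv-lvl=15"
Finished request 2.
"""
# AAA lines as posted in the thread.
SAMPLE_IOS = """\
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default none
"""
HEADER = re.compile(r"^Sending Access-Accept of id (\d+) to (\S+)")
ATTR = re.compile(r"^\s+([\w-]+)\s*=\s*(.+)$")
PRIV = re.compile(r"shell:priv-lvl=(\d+)")

def audit_accepts(debug_text):
    """One finding per Access-Accept that carries a shell:priv-lvl AVPair."""
    findings, cur = [], None
    for line in debug_text.splitlines() + [""]:
        attr = ATTR.match(line) if cur is not None else None
        if attr:  # indented "Name = value" line inside the current reply
            cur.setdefault(attr.group(1).lower(), []).append(attr.group(2).strip().strip('"'))
            continue
        if cur is not None:  # reply block ended: evaluate what it carried
            lvl = [m.group(1) for v in cur.get("cisco-avpair", []) if (m := PRIV.search(v))]
            if lvl:
                stype = cur.get("service-type", [None])[0]
                findings.append({"id": cur["id"], "priv_lvl": int(lvl[0]),
                                 "service_type": stype, "ok": stype == "NAS-Prompt-User"})
            cur = None
        head = HEADER.match(line)
        if head:
            cur = {"id": int(head.group(1))}
    return findings

def exec_authorization_method(ios_config):
    """Method list of 'aaa authorization exec default', or None if the line is absent."""
    for line in ios_config.splitlines():
        if line.split()[:4] == ["aaa", "authorization", "exec", "default"]:
            return line.split()[4:]
    return None
```

On the samples, the reply with id 13 is flagged (no Service-Type) and the exec method list comes back as ["none"], meaning the switch is not asking RADIUS for exec authorization at all.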

