On 03/06/2013 03:21 AM, Jimmy Stewpot wrote:
> Hello,
> We have always had the Cisco-AVPAIR of "shell:priv-lvl=15" which has been working for
> some time. With the Cisco UCS platform we need to introduce an additional shell: variable which
> looks like this "shell:roles=admin".
Your mileage may vary, but as the "Cisco-AvPair=shell:priv-lvl=15" is
equivalent to "Service-Type = Administrative-User" this might work:

DEFAULT LDAP-Group == "Network Full Access"
        Service-Type := Administrative-User,
        Cisco-AVpair += "shell:roles=admin"

This seems to work on Nexus switches (VSA based attributes) and IOS
12.2/12.3 based Catalyst switches. It breaks authorization on IOS 12.1.
-Øystein
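
An added example (not part of the original message and not FreeRADIUS code): a small Python decoder for the attribute section of an Access-Accept, useful for checking from a capture that the reply really carries Service-Type Administrative-User and the "shell:roles=admin" Cisco-AVPair. The sample bytes are constructed, and the code assumes each Cisco-AVPair travels in its own Vendor-Specific attribute (vendor 9, sub-type 1).

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type that carries VSAs (RFC 2865)
SERVICE_TYPE = 6       # RADIUS Service-Type attribute
ADMINISTRATIVE = 6     # Service-Type value for Administrative-User
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor sub-type 1 is Cisco-AVPair


def encode_reply(avpairs):
    """Build an attribute section: Service-Type plus one VSA per AVPair."""
    out = struct.pack("!BBI", SERVICE_TYPE, 6, ADMINISTRATIVE)
    for pair in avpairs:
        data = pair.encode("ascii")
        vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2) + data
        out += struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa
    return out


def decode_reply(attrs):
    """Return (service_type, [cisco_avpairs]) from a RADIUS attribute section."""
    service_type, avpairs, pos = None, [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            # Only accept a well-formed Cisco-AVPair sub-attribute.
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and vlen == len(value) - 4:
                avpairs.append(value[6:].decode("ascii"))
        pos += alen
    return service_type, avpairs


# Constructed sample: the reply items from the users entry above.
SAMPLE = encode_reply(["shell:roles=admin"])

if __name__ == "__main__":
    print(decode_reply(SAMPLE))
```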