It worked!!! Thanks for your help.
Steve.

-----Original Message-----
From: Heikki Vatiainen [mailto:[email protected]]
Sent: Tuesday, November 15, 2011 1:52 PM
To: Kim, Steve
Cc: [email protected]
Subject: Re: [RADIATOR] Radiator 4.9 and cisco-avpair

On 11/15/2011 07:20 PM, Kim, Steve wrote:
> I think this time it looks better. However, my user tells me that he still
> gets level-1 as below:

Radiator is now sending cisco-avpair=priv-lvl=15 back to the client. If this does not work you could try changing the last parameter of AuthorizeGroup to {priv-lvl=15}

If that still does not work, you need to check the client device's manual to see what it expects back when changing the privilege level.

Thanks!
Heikki

> Username:connolly
> Password:
>
> tacacs-test>
> tacacs-test>
> tacacs-test>
> tacacs-test>
> tacacs-test>enable (I had to enter this command)
> Password:
> tacacs-test#
>
> I am still only being put in level 1.
>
>
> Here is log that reflect above:
>
> Tue Nov 15 12:10:27 2011: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: <216><16><173><169><212><173>l<216>|<163><6><164><11><221>z_
> Attributes:
> tacacsgroup = netadmin
>
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection result Access-Accept
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection disconnected from xxx.xxx.11.242:44082
> Tue Nov 15 12:10:27 2011: DEBUG: New TacacsplusConnection created for xxx.xxx.11.242:62420
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 2531823864, 51
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, connolly, tty1, xxx.xxx.11.1, 2, service=shell cmd*
> Tue Nov 15 12:10:27 2011: DEBUG: AuthorizeGroup rule match found: permit service=shell cmd\* { cisco-avpair=priv-lvl=15 }
> Tue Nov 15 12:10:27 2011: INFO: Authorization permitted for connolly at xxx.xxx.11.242, group netadmin, args service=shell cmd*
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , , cisco-avpair=priv-lvl=15
> Tue Nov 15 12:10:27 2011: DEBUG: TacacsplusConnection disconnected from xxx.xxx.11.242:62420
> Tue Nov 15 12:13:19 2011: DEBUG: New TacacsplusConnection created for xxx.xxx.11.242:29509
> Tue Nov 15 12:13:19 2011: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 1514782278, 70
> Tue Nov 15 12:13:19 2011: DEBUG: TacacsplusConnection Authorization REQUEST 1, 0, 1, 0, connolly, tty1, xxx.xxx.11.1, 3, service=shell cmd=enable cmd-arg=<cr>
> Tue Nov 15 12:13:19 2011: DEBUG: AuthorizeGroup rule match found: permit .* { }
> Tue Nov 15 12:13:19 2011: INFO: Authorization permitted for connolly at xxx.xxx.11.242, group netadmin, args service=shell cmd=enable cmd-arg=<cr>
> Tue Nov 15 12:13:19 2011: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
> Tue Nov 15 12:13:19 2011: DEBUG: TacacsplusConnection disconnected from xxx.xxx.11.242:29509

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
