Hi, Thanks for Free Radius - I'm confident it will be just what we need.
I have set it up on a Dell DL360 G5 running CentOS 2.3 and created simple clients.conf, raddb.conf and users files. Radtest and logins from a couple of clients are working well.

However, when I try to move up from the absolute basics, e.g. to give my user who telnets to a Cisco switch an enabled privilege level, it just doesn't work: the user logs on OK but is still at the plain command prompt. I'm sure it's something simple I've missed and I'd be grateful if you could give me any pointers.

I've looked through the mailing-list archive, and although one question is exactly the same, "Freeradius and Cisco (cisco-avpair = "shell:priv-lvl=15" doesn't work)", I seem to have everything they have suggested in the answers?

Thanks in advance for your help.

Regards,
Ian

Here are some cuts from various files:

Switch Config

    aaa authentication login nocusers group radius
    aaa authorization exec nocusers group radius
    aaa session-id common
    radius-server host 10.210.27.4 auth-port 1645 acct-port 1646
    radius-server source-ports 1645-1646
    line vty 0 4
     exec-timeout 60 0
     login authentication nocusers

users

    dan     Cleartext-Password := "password"
            Reply-Message = "Hello, %{User-Name}",
            Service-Type = Administrative-user,
            cisco-avpair = "shell:priv-lvl=15"

    ipj     Cleartext-Password := "password"
            Reply-Message = "Hello, %{User-Name}",
            Service-Type = NAS-Prompt-User,
            cisco-avpair = "shell:priv-lvl=15"

I also tried:

    dan     Cleartext-Password := "password", Service-Type = Administrative-user, cisco-avpair = "shell:priv-lvl=15"
            Reply-Message = "Hello, %{User-Name}",
            Service-Type = Administrative-user,

and

    dan     Cleartext-Password := "password"
            Reply-Message = "Hello, %{User-Name}",
            Service-Type = "Administrative-user", # and Shell-user, and login and a few other things !-(
            cisco-avpair = "shell:priv-lvl=15"

The login failed with the first alternate and logged on as a plain user on the second.
Snips from radiusd -X output

    Sending Access-Accept of id 42 to 10.210.27.2 port 1645
            Reply-Message = "Hello, ipj"
            Service-Type = NAS-Prompt-User
            Cisco-AVPair = "shell:priv-lvl=15"
    Sending Access-Accept of id 43 to 10.210.27.2 port 1645
            Reply-Message = "Hello, dan"
            Service-Type = Administrative-User
            Cisco-AVPair = "shell:priv-lvl=15"

Output from radtest

    [r...@radius1 raddb]# radtest dan password radius1:1645 0 testing123
    Sending Access-Request of id 33 to 10.210.27.4 port 1645
            User-Name = "dan"
            User-Password = "password"
            NAS-IP-Address = 10.210.27.4
            NAS-Port = 0
    rad_recv: Access-Request packet from host 10.210.27.4 port 32770, id=33, length=55
            User-Name = "dan"
            User-Password = "password"
            NAS-IP-Address = 10.210.27.4
            NAS-Port = 0
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "dan", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns notfound
    [files] users: Matched entry dan at line 11
    [files] expand: Hello, %{User-Name} -> Hello, dan
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns updated
    Found Auth-Type = PAP
    +- entering group PAP {...}
    [pap] login attempt with password "password"
    [pap] Using clear text password "password"
    [pap] User authenticated successfully
    ++[pap] returns ok
    Login OK: [dan] (from client radius1 port 0)
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 33 to 10.210.27.4 port 32770
            Service-Type = Administrative-User
            Cisco-AVPair = "shell:priv-lvl=15"
            Reply-Message = "Hello, dan"
    Finished request 2.
    Going to the next request
    rad_recv: Access-Accept packet from host 10.210.27.4 port 1645, id=33, length=63
    Waking up in 4.9 seconds.
            Service-Type = Administrative-User
            Cisco-AVPair = "shell:priv-lvl=15"
            Reply-Message = "Hello, dan"
    [r...@radius1 raddb]# Cleaning up request 2 ID 33 with timestamp +62
    Ready to process requests.
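
Added example, not part of the original post: a small check over an IOS excerpt like the one quoted above that reports named AAA method lists defined globally but never referenced under a `line` block (IOS applies only the `default` list implicitly; a named list takes effect on a line only where that line references it). The function name and the indented layout of the embedded sample are this example's assumptions.

```python
import re

# Constructed sample: the switch excerpt from the post, laid out IOS-style
# (sub-commands of "line vty 0 4" indented by one space).
SAMPLE_CONFIG = """\
aaa authentication login nocusers group radius
aaa authorization exec nocusers group radius
aaa session-id common
radius-server host 10.210.27.4 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
line vty 0 4
 exec-timeout 60 0
 login authentication nocusers
"""

# Global definitions we track, and the line sub-command that applies each kind.
DEFN = re.compile(r"^aaa (authentication login|authorization exec) (\S+) ")
APPLY = {
    "authentication login": re.compile(r"^login authentication (\S+)"),
    "authorization exec": re.compile(r"^authorization exec (\S+)"),
}

def unapplied_method_lists(config):
    """Return sorted (kind, name) pairs for named AAA method lists that are
    defined globally but referenced by no 'line' block."""
    defined, applied = set(), set()
    in_line = False
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():                 # top-level command
            in_line = text.startswith("line ")
            m = DEFN.match(text)
            if m and m.group(2) != "default":    # 'default' needs no reference
                defined.add((m.group(1), m.group(2)))
        elif in_line:                            # sub-command of a line block
            for kind, rx in APPLY.items():
                m = rx.match(text)
                if m:
                    applied.add((kind, m.group(1)))
    return sorted(defined - applied)

if __name__ == "__main__":
    for kind, name in unapplied_method_lists(SAMPLE_CONFIG):
        print(f"aaa {kind} list '{name}' is defined but not applied to any line")
```
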