R: log on device directly in priviledged mode

2007-04-11 Thread Molteni Davide



-Messaggio originale-
Da: [EMAIL PROTECTED] per conto di Alexander Papenburg
Inviato: mer 11/04/2007 15.41
A: FreeRadius users mailing list
Oggetto: Re: log on device directly in priviledged mode
 
Molteni Davide wrote:

 Finally I successfully managed to log into the cisco switch (thanks to 
 your help) using freeradius.
 Now I want that the radius users can directly enter into enable mode 
 of the cisco device. I set this in the users file

 test Auth-Type := Local, User-Password == test
  Cisco-AVPair = shell:priv-lvl=15

 but it doesn't work, the user test log into the cisco as unpriviledged.

 Is there something missing in the config?

 

 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,

you need something like that in your switch config:

aaa authorization exec default group [YOURSERVERGROUPHERE] local


I have tried but with the line you suggested Authorization fails and device 
won't let me in

winmail.dat- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: R: log on device directly in priviledged mode

2007-04-11 Thread Alexander Papenburg
Molteni Davide wrote:

 -Messaggio originale-
 Da: [EMAIL PROTECTED] per conto di Alexander Papenburg
 Inviato: mer 11/04/2007 15.41
 A: FreeRadius users mailing list
 Oggetto: Re: log on device directly in priviledged mode
  
 Molteni Davide wrote:
   
 Finally I successfully managed to log into the cisco switch (thanks to 
 your help) using freeradius.
 Now I want that the radius users can directly enter into enable mode 
 of the cisco device. I set this in the users file

 test Auth-Type := Local, User-Password == test
  Cisco-AVPair = shell:priv-lvl=15

 but it doesn't work, the user test log into the cisco as unpriviledged.

 Is there something missing in the config?

 

 - 
 List info/subscribe/unsubscribe? See 
 http://www.freeradius.org/list/users.html
 

 Hi,

 you need something like that in your switch config:

 aaa authorization exec default group [YOURSERVERGROUPHERE] local


 I have tried but with the line you suggested Authorization fails and device 
 won't let me in
   

Oh I am sorry, seems like this will work only on cisco router, for 
switches you need tacacs for exec mode.

cisconfusion %)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html