I'm trying to set up my Cisco router so that it gets the privilege level for the user who logs in. I have a FreeRADIUS server that fetches user data from MySQL.
So far, logging in works fine - the router queries the RADIUS server, which then authenticates the user and I get logged in. However, RADIUS is sending the following:
Code:
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [growse/password] (from client nosey port 2 cli 192.168.0.2)
Sending Access-Accept of id 17 to 192.168.0.1 port 1645
Cisco-AVPair = "shell:priv-lvl=15"
Service-Type = Administrative-User
From what I understand, setting the Cisco-AVPair should set the priv level of that user as they're logged in. In this case, I should get level 15 as soon as I log in, but I still end up as level 1. My AAA settings:
Code:
aaa new-model
aaa authentication login default group radius enable
aaa authorization exec default if-authenticated
aaa authorization network default group radius local
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa session-id common
Anyone know why the router is ignoring the request to set me to level 15?