cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
468
Views
5
Helpful
3
Replies

Radius privil-lvl AV PAIR

Hi. I have been looking for hours for the answer. I have posted here in desperation.

I have a remote access policy configured in windows IAS for radius authentication to send a cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by telnet.

I have attached the config.

I would prefer not to use tacacs+, So if there is anyway to get this to work please help :)

1 Accepted Solution

Accepted Solutions

Jagdeep Gambhir
Level 10
Level 10

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,

aaa authorization console

Regards,

~JG

Do rate helpful posts

View solution in original post

3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

Your console config is blank. Is that correct or did you remove it for posting?

Jagdeep Gambhir
Level 10
Level 10

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,

aaa authorization console

Regards,

~JG

Do rate helpful posts

Arg! it IS hidden! That is diabolical!

But it works. Thankyou 100x kind sir.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: