07-13-2009 10:26 PM - edited 03-10-2019 04:35 PM
Hi. I have been looking for hours for the answer. I have posted here in desperation.
I have a remote access policy configured in windows IAS for radius authentication to send a cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by telnet.
I have attached the config.
I would prefer not to use tacacs+, So if there is anyway to get this to work please help :)
Solved! Go to Solution.
07-14-2009 09:17 AM
Matthew,
By default authorization is disabled on console. So to make it work you need to issue this hidden command,
aaa authorization console
Regards,
~JG
Do rate helpful posts
07-14-2009 07:19 AM
Your console config is blank. Is that correct or did you remove it for posting?
07-14-2009 09:17 AM
Matthew,
By default authorization is disabled on console. So to make it work you need to issue this hidden command,
aaa authorization console
Regards,
~JG
Do rate helpful posts
07-14-2009 01:45 PM
Arg! it IS hidden! That is diabolical!
But it works. Thankyou 100x kind sir.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: