Radius privil-lvl AV PAIR

Answered Question
Jul 13th, 2009

Hi. I have been looking for hours for the answer. I have posted here in desperation.

I have a remote access policy configured in windows IAS for radius authentication to send a cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by telnet.

I have attached the config.

I would prefer not to use tacacs+, So if there is anyway to get this to work please help :)

I have this problem too.
0 votes
Correct Answer by Jagdeep Gambhir about 7 years 4 months ago

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,

aaa authorization console

Regards,

~JG

Do rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Collin Clark Tue, 07/14/2009 - 07:19

Your console config is blank. Is that correct or did you remove it for posting?

Correct Answer
Jagdeep Gambhir Tue, 07/14/2009 - 09:17

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,

aaa authorization console

Regards,

~JG

Do rate helpful posts

Actions

This Discussion