Radius privil-lvl AV PAIR

Answered Question
Jul 13th, 2009

Hi. I have been looking for hours for the answer. I have posted here in desperation.


I have a remote access policy configured in Windows IAS for RADIUS authentication to send a Cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by Telnet.


I have attached the config.

I would prefer not to use TACACS+, so if there is any way to get this to work please help :)






Overall Rating: 5 (2 ratings)
Collin Clark Tue, 07/14/2009 - 07:19

Your console config is blank. Is that correct or did you remove it for posting?

Correct Answer
Jagdeep Gambhir Tue, 07/14/2009 - 09:17

Matthew,

By default authorization is disabled on console. So to make it work you need to issue this hidden command,


aaa authorization console


Regards,

~JG


Do rate helpful posts
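
For reference, a minimal IOS AAA configuration showing where the command from the answer above fits. This is an added example, not the poster's attached config and not part of any reply; the server address, shared secret, local user name and the use of the default method lists are assumptions.

```cisco
! Constructed example. 192.0.2.10, <SHARED-SECRET>, <LOCAL-SECRET> and
! "localadmin" are placeholders, not values from the thread.
aaa new-model
!
! Local fallback account so the console stays reachable if RADIUS is down.
username localadmin privilege 15 secret <LOCAL-SECRET>
!
! RADIUS server (here: the Windows IAS host that returns the Cisco AV pair).
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Authentication decides who the user is. It applies to console and vty alike.
aaa authentication login default group radius local
!
! Exec authorization is the step that consumes "shell:priv-lvl=15" and sets
! the privilege level of the new exec session.
aaa authorization exec default group radius local
!
! Exec authorization is not applied to line con 0 unless this is present.
! Without it the vty (Telnet) session honours the AV pair and the console
! session does not, which is the behaviour described in the question.
aaa authorization console
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
```

After logging in on the console, `show privilege` reports the level the session was given. Keep a working vty session open while testing so a mistake in the method lists does not lock you out of the console.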
