07-13-2009 10:26 PM - edited 03-10-2019 04:35 PM
Hi. I have been looking for hours for the answer. I have posted here in desperation.
I have a remote access policy configured in windows IAS for radius authentication to send a cisco AV pair attribute to the authenticating client. The string value is "shell:priv-lvl=15". At the moment this attribute does not take effect when logging in through the console, but does when connecting by telnet.
I have attached the config.
I would prefer not to use tacacs+, So if there is anyway to get this to work please help :)
Solved! Go to Solution.
07-14-2009 09:17 AM
Matthew,
By default authorization is disabled on console. So to make it work you need to issue this hidden command,
aaa authorization console
Regards,
~JG
Do rate helpful posts
07-14-2009 07:19 AM
Your console config is blank. Is that correct or did you remove it for posting?
07-14-2009 09:17 AM
Matthew,
By default authorization is disabled on console. So to make it work you need to issue this hidden command,
aaa authorization console
Regards,
~JG
Do rate helpful posts
07-14-2009 01:45 PM
Arg! it IS hidden! That is diabolical!
But it works. Thankyou 100x kind sir.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide