[RADIATOR] Tacacs role reply.
Mark Bassett
mbassett at intelius.com
Thu Feb 24 14:40:12 CST 2011
I am currently using this in AuthorizeGroup
DEFAULT permit service=shell cmd\* {priv-lvl=15}
I tried adding roles="network-admin" but that did not work
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au]
On Behalf Of Mark Bassett
Sent: Thursday, February 24, 2011 12:09 PM
To: radiator at open.com.au
Subject: [RADIATOR] Tacacs role reply.
Hi guys, I'm using tacacs+ on some cisco SanOS fiber switches. I am
able to authenticate and log in properly, but I am not being assigned
the proper tacacs role
"network-admin"
I need to add this pair
cisco-av-pair=shell:roles="network-admin"
but I am not sure where to add it.
Thu Feb 24 11:53:20 2011: DEBUG: TACACSPLUS derived Radius request
packet dump:
Code: Accounting-Request
Identifier: UNDEF
Authentic: <179><7><222><214><0>N<217><154><14><164>E<243>AXt<150>
Attributes:
NAS-IP-Address = xxxxxxx
NAS-Port-Id = "3009"
NAS-Identifier = "TACACS"
User-Name = "mbassett"
Acct-Status-Type = Stop
Acct-Session-Id = "307300720"
cisco-avpair = "task_id=/dev/pts/9_10.192.144.33"
cisco-avpair = "stop_time=Thu Feb 24 11:53:20 2011<10>"
cisco-avpair = "err_msg=shell terminated<0>"
cisco-avpair = "service=none"
OSC-Version-Identifier = "192"
Mark Bassett
Sr. Network Engineer
Intelius
p: 425-974-8810
c: 425-233-7253
e: mbassett at intelius.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110224/14a35ba0/attachment.html
More information about the radiator
mailing list