Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
1
Replies

non-Cisco ACS Radius superuser authentication to CSS

sam_crooks
Level 1
Level 1

‎01-10-2006 02:41 PM

Hi,

I am trying to figure out what to send the CSS to have super-user authentication work.

We are using free-radius. When I configure:

virtual authentication primary radius

and run the radius server in debug mode (radiusd -fxx)

I see that the CSS contacted the radius server, got and Access-Accept, but authenticated as a user ( CSS11501> prompt )

Is there an AV pair that can be sent to force superuser status?

ie: "shell:priv-lvl=15" for routers??

Labels:
0 Helpful
1 Reply 1

smalkeric
Level 6
Level 6

‎01-16-2006 11:57 AM

for a superuser, you can set the user name IETP Radius Attributes to server-type 006 administrative, which should be the same in all radius software. By setting the username like this, the authentication would work fine.

0 Helpful
Customers Also Viewed These Support Documents