cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1014
Views
0
Helpful
3
Replies

Assign Priviledge levels with Radius

cmorris_DRI
Beginner
Beginner

I have a PIX 515E and a PIX 520 that i need to be able to assign priviledge levels to through radius, i have done it for the routers and switches using the shell:priv-level=15 on IAS, but it is not working for the PIX, is there another string that you have to put in for the PIX?

Thank you

3 Replies 3

Not applicable

djassi
Beginner
Beginner

Hi...

I'm not sure I can help you with your very old question, but I am pretty sure you can help me with mine, and eventually I might be able to help you with yours. :)

You mentioned that you have already configured your routers and switches to accept the shell:priv-level=15 command. I have tried, but the IAS reports a successful authentication but my router/switch says "Authorization Failed". Can you tell me how you configured your IAS policy to pass to the switch the priv-lvl=15 attribute.

I have the document "How to assign priviledge levels with TACACS+ and RADIUS" but it is not very clear on how to configure the Windows IAS Server. Thanks for any help you can give.

Djassi

All I did was create a group on our domain to put users in that I wanted to have access to the equipment and then created a policy under "Remote access policies" in IAS. In the group I specified the Attribute type "Windows-Group" and put the group in there that I wanted to have access to the equipment.

Then I just had to add the equipment under the clients folder and select "Radius-Standard". Hopefully this will work for you as well.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: