02-27-2024 11:05 AM
Hello Team,
I need your assistance, I've trying to configure radius authentication with Cisco switch to be authenticated from the NPS server, as shown below I've created 2 network policies on the NPS radius server first policy for TLs with shell-priv=15 and the other one for half admin read-only with shell-priv=7
whenever anyone tries to access the switch it grants him access with shell-priv=15 even when it hits on the half-admin policy with shell-priv=7
can anyone assist me? do I have to configure something else or do I miss anything?
02-27-2024 11:15 AM - edited 02-27-2024 11:19 AM
Can I see vty line config
Also can I see
Debug aaa authorization
MHM
02-27-2024 11:40 AM
vty config
02-27-2024 12:00 PM - edited 02-27-2024 12:01 PM
It seem to me that radius push both priv,
Add new user but without push service type and Access permission and try access using this new user
MHM
02-27-2024 12:35 PM
sorry man, i think u confused as the provided SS, have 2 different IPs with 2 different users so i think u doubted that the radius has pushed 2 shell values
02-27-2024 12:38 PM
So debug for two different IP not one IP? If yes then
Show privilege, İ think it is privilege 7 but it and privilege above one will appear with #
Do show privilege for both user and check exact privilege
MHM
02-27-2024 12:56 PM
it shows 15, however the radius is sending shell-priv=7
02-27-2024 01:27 PM
Yes friend this issue I analyze it' what is in my mind is that
Service type 6 administrative and privilege 7 not work with each other admin is override the privilege 7' to check add new use with privilege 7 and service type User and check
MHM
02-28-2024 07:31 AM
Thank you, I'm still checking this issue, and haven't found a solution yet, but I just have a question is what I'm talking about applicable?
I mean have you ever seen this solution?
02-29-2024 02:07 AM
You can not add new users with service type user?
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide