https://community.extremenetworks.com/t5/extremeswitching-exos-switch/x460-24x-and-freeradius/m-p/41164#M9430 Create Date: Aug 16 2012 4:03PM<BR /> <BR /> You will need this attribute:<BR /> <BR /> Service-Type = Administrative (from john_padilla) Wed, 08 Jan 2014 05:54:00 GMT EtherNation_Use 2014-01-08T05:54:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/x460-24x-and-freeradius/m-p/41163#M9429 Create Date: Aug 14 2012 11:06PM<BR /> <BR /> Good day!<BR /> May be you can help me?<BR /> I have a X460-24x configured to be a radius client.<BR /> But can't login to switch with read-write privileges. Only with read rights.<BR /> The user in userss file looks like:<BR /> user Crypt-Password := '/fc/f%Q(T2msY', Auth-Type := Crypt-Local<BR /> Service-Type = NAS-Prompt-User,<BR /> Service-Type = Login-User,<BR /> Cisco-AVPair = "shell:priv-lvl=15",<BR /> Extreme-CLI-Authorization = Disabled<BR /> <BR /> I have added to the dictionary file:<BR /> VENDOR Extreme 1916<BR /> BEGIN-VENDOR Extreme<BR /> ATTRIBUTE Extreme-CLI-Authorization 201 integer Extreme<BR /> ATTRIBUTE Extreme-Shell-Command 202 string Extreme<BR /> ATTRIBUTE Extreme-Netlogin-Vlan 203 string Extreme<BR /> ATTRIBUTE Extreme-Netlogin-Url 204 string Extreme<BR /> ATTRIBUTE Extreme-Netlogin-Url-Desc 205 string Extreme<BR /> ATTRIBUTE Extreme-Netlogin-Only 206 integer Extreme<BR /> ATTRIBUTE Extreme-User-Location 208 string Extreme<BR /> ATTRIBUTE Extreme-Netlogin-Vlan-Tag 209 integer Extreme<BR /> ATTRIBUTE Extreme-Netlogin-Extended-Vlan 211 string Extreme<BR /> ATTRIBUTE Extreme-Security-Profile 212 string Extreme<BR /> VALUE Extreme-CLI-Authorization Disabled 0<BR /> VALUE Extreme-CLI-Authorization Enabled 1<BR /> VALUE Extreme-Netlogin-Only Disabled 0<BR /> VALUE Extreme-Netlogin-Only Enabled 1<BR /> END-VENDOR Extreme<BR /> <BR /> Then i'am trying to login tcpdump shows:<BR /> Access Accept (2), id: 0x56, Authenticator: bb4ce22bbe219e946974870d0dd5005a<BR /> Service Type Attribute (6), length: 6, Value: NAS Prompt<BR /> Vendor Specific Attribute (26), length: 25, Value: Vendor: Cisco (9)<BR /> Vendor Attribute: 1, Length: 17, Value: shell:priv-lvl=15<BR /> Vendor Specific Attribute (26), length: 12, Value: Vendor: Unknown (1916)<BR /> Vendor Attribute: 201, Length: 4, Value: ....<BR /> <BR /> I see that Vendor Attribute: 201 value is .... But it should be 0 i think.<BR /> <BR /> At the same time radiusd -x shows:<BR /> Sending Access-Accept of id 87 to 192.168.1.2 port 56198<BR /> Service-Type = NAS-Prompt-User<BR /> Cisco-AVPair = "shell:priv-lvl=15"<BR /> Extreme-CLI-Authorization = Disabled<BR /> <BR /> There is a string value - Disabled. That's better but anyway i thought it should be 0. <BR /> May be this is the case. What can you suggest?<BR /> Thank you! (from Tim_Kap) Wed, 08 Jan 2014 05:54:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/x460-24x-and-freeradius/m-p/41163#M9429 EtherNation_Use 2014-01-08T05:54:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/x460-24x-and-freeradius/m-p/41164#M9430 Create Date: Aug 16 2012 4:03PM<BR /> <BR /> You will need this attribute:<BR /> <BR /> Service-Type = Administrative (from john_padilla) Wed, 08 Jan 2014 05:54:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/x460-24x-and-freeradius/m-p/41164#M9430 EtherNation_Use 2014-01-08T05:54:00Z