[serg_sk]

Добрый день!

Пытаюсь подружить алькательку и радиус.

 

В настройках алькателя:

radius-server host w.x.y.z timeout 5 key xxxxxxx
aaa authentication login default radius local

 

Лог радиуса:

ad_recv: Access-Request packet from host 172.xx.xx.xx port 49154, id=0, length=77

User-Name = "user"

User-Password = "password"

Cisco-AVPair = "shell:priv-lvl=1"

NAS-IP-Address = 172.xx.xx.xx

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "user", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] No EAP-Message, not doing EAP

++[eap] = noop

[files] users: Matched entry user at line 1

++[files] = ok

++[expiration] = noop

++[logintime] = noop

++[pap] = updated

+} # group authorize = updated

Found Auth-Type = PAP

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+group PAP {

[pap] login attempt with password "password"

[pap] Using clear text password "password"

[pap] User authenticated successfully

++[pap] = ok

+} # group PAP = ok

# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default

+group post-auth {

++[exec] = noop

+} # group post-auth = noop

Sending Access-Accept of id 0 to 172.xx.xx.xx port 49154

Service-Type = Administrative-User

Cisco-AVPair = "shell:priv-lvl=15"

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

 

Но алькател отказывается пускать в систему. Что предпринять?

[Predator56]

Радиус сервер какой? У меня с Nps нормально работает.

[serg_sk]

FreeRADIUS Version 2.2.9

[Predator56]

Cisco-AVPair = "shell:priv-lvl=1" с таким уровнем пускает только через telnet и ssh, через web морду не пустит. С уровнем 15 пускает везде.

[serg_sk]

Так указано же Cisco-AVPair = "shell:priv-lvl=15"