1

I need to configure some Cisco switches (IOS 12.x) to authenticate against a RADIUS server; the server is Windows Server 2003's IAS, and it validates users against his Active Directory domain.

I know how to configure the switches to validate usernames/passwords against the RADIUS server, and I can succesfully login using an AD account; the question is: how can I set privilege level 15 for users, in order to not have to use enable each time?

Massimo
  • 68,714
  • 56
  • 196
  • 319

2 Answers2

3

send back the cisco-av-pair attribute with a value of "shell:priv-lvl=15".

1

Have a look here: How to Assign Privilege Levels with TACACS+ and RADIUS

Daniele Santi
  • 2,479
  • 1
  • 25
  • 22
  • I found that soon after posting the question :-) But I'm still accepting your answer, as that page actually helped me a lot. The only difficult bit was setting "shell:priv-lvl=15" on IAS, but it can be done. – Massimo Mar 25 '10 at 19:59