[c-nsp] IOS XR AAA
Jared Mauch
jared at puck.nether.net
Mon May 20 14:04:48 EDT 2013
On May 20, 2013, at 1:56 PM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com> wrote:
>
>
> On 20/05/2013 17:00, "Shane Heupel" <sheupel at twlakes.coop> wrote:
>
>> We just purchased a couple of ASR9Ks and we're trying to set up AAA to
>> our free radius servers. We have the ASRs configured to authenticate
>> against the AAA servers but are having some trouble with the user
>> attributes being passed between the ASRs and AAA server that define which
>> task group each user is assigned. Does anyone have a radius
>> configuration that they would mind sharing?
>>
>> Example user:
>> username bob
>> group netadmin
>> group sysadmin
>> group cisco-support
>>
>
> you need to include
>
> Cisco-avpair = "shell:task=#netadmin,#sysadmin,#cisco-support"
>
>
> in the profile.. If you send this profile to non-XR system, they might
> choke, so you might need to make it optional via
>
> Cisco-avpair = "shell:task*#netadmin,#sysadmin,#cisco-support"
You can also just do this:
usergroup priv15
taskgroup root-system
taskgroup cisco-support
!
(depending on which groups you need).
- Jared
More information about the cisco-nsp
mailing list