Radius authentication on a Nexus 5k (5548) using ldap as radius backend

Published: by Creative Commons Licence


In our current setup we are using RADIUS with an LDAP backend. For this setup we found a way to configure the RADIUS daemon so that it is possible to gain admin rights. In this setup no changes to LDAP were made.

The trick to get this up and running is the following:

  1. In FreeRADIUS, edit the default site so that the authorize section looks like:

authorize {
    # files reads the users file, ldap looks the user up in the directory
    files
    ldap
}

  2. Edit the users file to contain the following lines:

DEFAULT
    Service-Type := Administrative-User,
    Cisco-AVPair += "shell:roles=network-admin"

After restarting the RADIUS daemon, everybody who can authenticate can log in and has admin privileges.
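
Because the DEFAULT entry has no check items, it applies to every account that LDAP authenticates. The audit sketch below is an added example, not part of the original post: it parses a users file and reports entries that hand out network-admin unconditionally. The sample file is constructed, and the second entry's LDAP-Group check with its placeholder DN is an assumption showing a group-gated variant.

```python
import re

# Constructed sample users file. The first entry is the one from the page;
# the second is a hypothetical variant gated on an LDAP group (placeholder DN).
SAMPLE_USERS = (
    "# constructed sample\n"
    "DEFAULT\n"
    "\tService-Type := Administrative-User,\n"
    '\tCisco-AVPair += "shell:roles=network-admin"\n'
    "\n"
    'DEFAULT LDAP-Group == "cn=netadmins,ou=groups,dc=example,dc=org"\n'
    "\tService-Type := Administrative-User,\n"
    '\tCisco-AVPair += "shell:roles=network-admin"\n'
)

# One item is a run of non-comma characters or whole quoted strings,
# so commas inside a quoted DN do not split the item.
ITEM_RE = re.compile(r'(?:[^,"]|"[^"]*")+')

def split_items(text):
    return [m.strip() for m in ITEM_RE.findall(text) if m.strip()]

def parse_users(text):
    """An unindented line opens an entry (name plus check items);
    the indented lines that follow carry its reply items."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if entries:
                entries[-1]["reply"] += split_items(raw)
        else:
            parts = raw.split(None, 1)
            checks = parts[1] if len(parts) > 1 else ""
            entries.append({"line": lineno, "name": parts[0],
                            "check": split_items(checks), "reply": []})
    return entries

def unconditional_admin(text):
    """Return (line, name) for entries granting network-admin with no check items."""
    hits = []
    for e in parse_users(text):
        grants = any(i.lower().startswith("cisco-avpair")
                     and "shell:roles" in i and "network-admin" in i
                     for i in e["reply"])
        if grants and not e["check"]:
            hits.append((e["line"], e["name"]))
    return hits
```

Calling `unconditional_admin(SAMPLE_USERS)` reports only the page's entry; the group-gated one passes because its check item limits who receives the role.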