Cisco radius questions...
1) How do I enable that all radius over ssh authenticated users have level 15 enable privileges? Even better if it directly drops them into the exec shell? We use freeradius with LDAP.
2) I have used
    aaa authentication login default group radius local
on vty 0 4, or
    aaa authentication login default local group radius
on the same vty 0 4. But I have never been able to log in as local, or vice versa as radius, on the same vty via SSH. My idea was that in case I ever forgot my radius user's password, I could use a local user as a fallback. So imagine I have applied
    aaa authentication login default radius local
to the vty 0 4 where ssh is, but I have forgotten my radius password and now I want to ssh with ssh localuser@ciscodevice? I mean, I tried that, but for some reason it never fell back to the local database. Am I missing something?
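
An added example, not part of the original post: one IOS configuration covering both questions, with the privilege level delivered as a RADIUS reply attribute and the local account kept as a fallback. The server address 192.0.2.10, the names FREERADIUS1 and localadmin, the timer values and the secret placeholders are assumptions made for illustration.

```cisco
! Added example. Address, names and secrets below are placeholders.
aaa new-model
!
radius server FREERADIUS1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
 timeout 3
 retransmit 2
!
! Local account for when RADIUS is down; privilege 15 puts it in
! privileged EXEC directly.
username localadmin privilege 15 secret <LOCAL-SECRET>
!
! Question 2: methods are tried in order, but the next method is used only
! when the current one returns no answer (server unreachable or timed out).
! An Access-Reject from RADIUS is final, so "local" is not consulted while
! the server is reachable and rejects the login.
aaa authentication login default group radius local
!
! Question 1: ask RADIUS for the EXEC privilege level at login. Without
! this line the shell:priv-lvl attribute in the reply is ignored.
aaa authorization exec default group radius local
!
line vty 0 4
 transport input ssh
 login authentication default
 authorization exec default
!
! FreeRADIUS side (assumption: reply item attached to the admin users or
! to their LDAP group), so the session starts at privilege level 15:
!   Cisco-AVPair = "shell:priv-lvl=15"
```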