https://community.hpe.com/t5/imc/imc-backup-fails-with-aaa-enabled/m-p/6816308#M2399 <P>My guess is that the script isn't handling the extra '@' very well. &nbsp;What do you see in the imccfgbakdm logfiles?</P> Fri, 04 Dec 2015 21:37:20 GMT LindsayHill 2015-12-04T21:37:20Z https://community.hpe.com/t5/imc/imc-backup-fails-with-aaa-enabled/m-p/6816131#M2392 <P>Hello,</P><P>I just recognized that backup with IMC isn´t working after enabling AAA/RADIUS based login on the switch. It seems I´m missing something.</P><P>Let´s look at the switch configuration (HP A5500-EI, Software Version 5.20 Release 2221P20)</P><PRE># domain default enable system # acl number 2201 name NMS rule 5 permit source 10.10.2.1 0 rule 10 deny # radius scheme RADIUS-Server primary authentication 10.10.1.1 key cipher SomeHashedPassword # domain system access-limit disable state active idle-cut disable self-service-url disable domain mydomain.com authentication default radius-scheme RADIUS-Server access-limit disable state active idle-cut disable self-service-url disable # local-user admin password cipher SomeHashedPassword authorization-attribute level 3 service-type lan-access service-type ssh telnet terminal service-type ftp service-type portal service-type web local-user RADIUSuser authorization-attribute level 3 service-type lan-access service-type ssh telnet terminal service-type ftp service-type portal service-type web local-user manager password cipher SomeHashedPassword authorization-attribute level 2 service-type telnet terminal local-user monitor password cipher SomeHashedPassword authorization-attribute level 1 service-type telnet terminal # snmp-agent [...] snmp-agent sys-info version v3 snmp-agent group v3 v3Group write-view ViewDefault notify-view ViewDefault acl 2201 snmp-agent target-host trap address udp-domain 10.10.2.1 params securityname HP_v3 v3 privacy snmp-agent usm-user v3 HP_v3 v3Group cipher authentication-mode sha SomeHashedPassword privacy-mode aes128 SomeHashedPassword acl 2201 # ssh server enable sftp server enable # user-interface aux 0 authentication-mode password set authentication password cipher $cSomeHashedPassword user-interface vty 0 15 authentication-mode scheme # </PRE><UL><UL><LI>With Putty/SSH I can happily login with user <STRONG>admin@system</STRONG></LI><LI>With Putty/SSH I can happily login with user <STRONG>RADIUSuser@mydomain.com</STRONG></LI><LI>IMC/SNMP works without any problems:</LI><LI><IMG src="https://community.hpe.com/t5/image/serverpage/image-id/66782i81CE8C1738C06E25/image-size/original?v=mpbl-1&amp;px=-1" alt="IMC-SNMP.png" title="IMC-SNMP.png" border="0" /></LI><UL><LI>IMC+SSH works with user admin@system and&nbsp;RADIUSuser@mydomain.com, e.g.:</LI></UL></UL></UL><P><IMG src="https://community.hpe.com/t5/image/serverpage/image-id/66783iA26B5C60DE520091/image-size/original?v=mpbl-1&amp;px=-1" alt="IMC-SSH.png" title="IMC-SSH.png" border="0" /></P><UL><LI>Let´s run "Configuration File Backup Result" within the "Configuration Center":</LI><LI><IMG src="https://community.hpe.com/t5/image/serverpage/image-id/66784i7029F5345D1D8F5B/image-size/original?v=mpbl-1&amp;px=-1" alt="IMC-backup.png" title="IMC-backup.png" border="0" /></LI></UL><UL><LI>What does the switch tell me with "dis log rev":</LI><LI><PRE>06:06:53:884 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=49-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed. 06:06:52:803 2015 SW47 CFGMAN/5/CFGMAN_CFGCOPY: -OptType=6-OptTime=10103-OptState=14-OptEndTime=23434564; Configuration is copied. 06:05:11:725 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=48-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed. 06:05:10:645 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=47-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed. 06:05:09:911 2015 SW47 CFGMAN/5/CFGMAN_CFGCOPY: -OptType=3-OptTime=10326-OptState=14-OptEndTime=23424275; Configuration is copied. 06:03:45:251 2015 SW47 CFGMAN/5/CFGMAN_EXIT: Exit from configuration mode. 06:03:26:616 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=46-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed. 05:59:52:144 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection. 05:59:52:135 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1. 05:59:40:936 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1. 05:59:40:826 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully. 05:59:40:800 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:59:40:799 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:59:40:796 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:59:40:795 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:59:40:794 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:59:40:793 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:59:27:087 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection. 05:59:27:078 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1. 05:59:15:849 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1. 05:59:15:740 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully. 05:59:15:723 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:59:15:721 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:59:15:719 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:59:15:718 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:59:15:716 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:59:15:715 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:59:06:125 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection. 05:59:06:115 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1. 05:58:54:912 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1. 05:58:54:805 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully. 05:58:54:787 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:58:54:786 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:58:54:783 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:58:54:782 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched. 05:58:54:781 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful. 05:58:54:780 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.</PRE></LI></UL><P>&nbsp;</P><UL><LI>Interestingly, backup is running without any problems on other A5500-EI switches where only a normal "admin" user (without any RADIUS, additional domains configuration) is being configured. So it seems I´m missing something?</LI></UL> Fri, 04 Dec 2015 07:59:34 GMT https://community.hpe.com/t5/imc/imc-backup-fails-with-aaa-enabled/m-p/6816131#M2392 MichaelM55 2015-12-04T07:59:34Z https://community.hpe.com/t5/imc/imc-backup-fails-with-aaa-enabled/m-p/6816308#M2399 <P>My guess is that the script isn't handling the extra '@' very well. &nbsp;What do you see in the imccfgbakdm logfiles?</P> Fri, 04 Dec 2015 21:37:20 GMT https://community.hpe.com/t5/imc/imc-backup-fails-with-aaa-enabled/m-p/6816308#M2399 LindsayHill 2015-12-04T21:37:20Z