Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Aruba 2930m - additional user can log in via SSH but not HTTP

 
Mike32
Occasional Contributor

Aruba 2930m - additional user can log in via SSH but not HTTP

Hi,

I wonder if someone could help me out as I can't find the answer in the pdf manual.

By default Aruba 2930m has 2 accounts - manager and operator. The thing is - I need 3 manager accounts.

I've created two additional accounts using the below command:

aaa authentication local-user manager2 group Level-15 password plaintext

aaa authentication local-user manager3 group Level-15 password plaintext

manager2 and manager3 can log in via SSH and do everything... however it would be nice if they could log in via https as well just like "manager".

How do I tell the switch to add manager2 and manager3 to https access?

Thank you in advance,

Mike

6 REPLIES 6
racowi
Frequent Advisor

Re: Aruba 2930m - additional user can log in via SSH but not HTTP

Did you tried "aaa authentication web login radius" command? Also, what "show authentication" display about web?

Mike32
Occasional Contributor

Re: Aruba 2930m - additional user can log in via SSH but not HTTP

Hi,

aaa authentication web login radius - I thought I am using local authentication? manager2 and manager3 are local accounts.

if I enable radius it just takes longer for manager to log in via HTTPS, manager2 and manager3 still don't work.

here's the output of the show authentication command:

| Login Login Login
Access Task | Primary Server Group Secondary
-------------- + ----------- ------------ ----------
Console | Local None
Telnet | Local None
Port-Access | Local None
Webui | Local None
SSH | Local None
Web-Auth | ChapRadius radius None
MAC-Auth | ChapRadius radius None
SNMP | Local None
Local-MAC-Auth | Local None

| Enable Enable Enable
Access Task | Primary Server Group Secondary
-------------- + ----------- ------------ ----------
Console | Local None
Telnet | Local None
Webui | Local None
SSH | Local None

So SSH and WEbui use Local but it's just SSH that accepts manager2 and manager3. I am confused.

racowi
Frequent Advisor

Re: Aruba 2930m - additional user can log in via SSH but not HTTP

I just tried it and have the same results.

It look like only local user Manager and Operator can access the WebAgent, but not the aaa local-users created after.
Other option is using Radius.

Maybe they change this on new releases. Or are they expecting us to report it as a new feature?
Let me know if you find something new.

Mike32
Occasional Contributor

Re: Aruba 2930m - additional user can log in via SSH but not HTTP

Thank you for testing this. I really appreciate it.

It is a bit challenging to master a device if not everything is documented. HPE if you are reading this - if you want to be better than Cisco you basically need to do better.

HaVecko
Occasional Visitor

Re: Aruba 2930m - additional user can log in via SSH but not HTTP

Can I ask you if you found the solution? It is not normal to have local user database and can not use it for webui authentication.

Jan

Kevin_All-In
Occasional Visitor

Re: Aruba 2930m - additional user can log in via SSH but not HTTP

I'm also wondering if there is any solution for this as I'm running into the same behavior.