
Listing all accounts in 2930F switch

 
SHtan
Advisor


Hello chaps!

Is it possible to list all accounts in the 2930F switch without going through the include-credentials route? include-credentials will need a factory reset, which I'm inclined to perform.

akg7
HPE Pro

Re: Listing all accounts in 2930F switch

Hello @SHtan ,

What exactly are you looking for?

The links below might be useful for you:

https://techhub.hpe.com/eginfolib/networking/docs/switches/K-KA-KB/15-18/5998-8150_access_security_guide/content/v21295791.html

https://support.hpe.com/hpesc/public/docDisplay?docId=a00091307en_us&docLocale=en_US

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
SHtan
Advisor

Re: Listing all accounts in 2930F switch

Hey akg7!

Basically I want to generate a list of accounts in the 2930F (with the associated roles) for Internal Audit's review.

These accounts are manager level and operator level accounts, there's no RADIUS or TACACS accounts in the switch.

 

akg7
HPE Pro

Re: Listing all accounts in 2930F switch

Hello @SHtan ,

In this scenario you can check by using the commands below:

Aruba# show running-config | in user-name
or

Aruba# show running-config | in password

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
SHtan
Advisor

Re: Listing all accounts in 2930F switch

Hey @akg7 !

Thanks for getting back.

I've run both commands:

1. sh run | in user-name

This greps user-name as a string and returns a "password complexity user-name-check" command which I've set.

2. sh run | in password

This returns more data, but the key commands returned show "password manager" and "password operator". This command shows neither the manager's username nor the operator's username. (I have different named accounts for manager)

 

t0ny1
Regular Visitor

Re: Listing all accounts in 2930F switch

Hello SHtan,

Adding "include credentials" doesn't require a factory reset. Below I'm sending the switch warnings after it's performed:

Aruba-2930F-48G-4SFPP(config)# include-credentials

**** CAUTION ****

You have invoked the command 'include-credentials'. This action will make
changes to the password and SSH public-key storage.

It will affect *all* stored configurations, which might need to be updated.
Those credentials will no longer be readable by older software revisions.
It also may break some of your existing user scripts. Continue?[y/n] y

**** CAUTION ****

This will insert possibly sensitive information in switch configuration files,
and as a part of some CLI commands output. It is strongly recommended that you
use SFTP rather than TFTP for transfer of the configuration over the network,
and that you use the web configuration interface only with SSL enabled.

Erasing configurations with 'include-credentials' enabled will erase stored
passwords and security credentials. The system will reboot with the factory
default configuration.

Proceed?[y/n] y
Aruba-2930F-48G-4SFPP(config)#

Maybe the last sentence in the warning gave you a false impression. But a device will reboot with factory default settings if you erase your saved configuration. In fact the switch will always reboot with factory default config if you delete the saved configuration and don't save your running config. No reboot or resets are necessary to add "include credentials" to your existing config.
Anyway, back to your original topic: if you add "include credentials" then the above mentioned show commands will show you the accounts and their hashed passwords:

Aruba-2930F-48G-4SFPP(config)# show run | in password
password operator user-name "test-operator" sha1
"8cb2237d0679ca88db6464eac60da96345513964"

Without include credentials this returns as you stated only "password operator" which only tells you there is a configured operator account and nothing more.

HTH,
Toni
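
An added example, not part of the post above and not HPE or Aruba tooling: one way to turn saved `show run | in password` output into a role/username list for audit review without copying the hashes into the report. The line format is taken from the output quoted in the thread; the manager-line shape, the sample manager name and the function names are assumptions.

```python
import re

# Line shape taken from the output quoted in the thread:
#   password operator user-name "test-operator" sha1 "<hash>"
# Assumption: manager lines have the same shape, and the user-name and
# hash parts are simply absent when the switch does not show them.
ACCOUNT_RE = re.compile(
    r'^password\s+(?P<role>manager|operator)\b'
    r'(?:\s+user-name\s+"(?P<user>[^"]*)")?'
    r'(?:\s+(?P<algo>[\w-]+)\s+"(?P<hash>[0-9A-Fa-f]+)")?\s*$'
)


def join_wrapped(lines):
    """Re-attach a quoted hash that the terminal wrapped onto its own line."""
    joined = []
    for raw in lines:
        line = raw.strip()
        wrapped = re.fullmatch(r'"[^"]*"', line) is not None
        if wrapped and joined and joined[-1].startswith("password "):
            joined[-1] += " " + line
        else:
            joined.append(line)
    return joined


def list_accounts(config_text):
    """Return one dict per local account; hash values are never copied out."""
    accounts = []
    for line in join_wrapped(config_text.splitlines()):
        m = ACCOUNT_RE.match(line)
        if not m:
            continue  # e.g. "password complexity user-name-check"
        accounts.append({
            "role": m["role"],
            "user": m["user"] or "(not shown)",
            "hash_algo": m["algo"] or "(not shown)",
        })
    return accounts


# Constructed sample; the manager line and its placeholder hash are made up.
SAMPLE = '''\
password complexity user-name-check
password manager user-name "audit-admin" sha1 "0000000000000000000000000000000000000000"
password operator user-name "test-operator" sha1
"8cb2237d0679ca88db6464eac60da96345513964"
'''
print(list_accounts(SAMPLE))
```

Output captured without include-credentials yields "(not shown)" for the username and hash algorithm, which tells the auditor only that an account of that role exists.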