Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Menu disabled when using aaa authorization commands radius set

 
New Member

Menu disabled when using aaa authorization commands radius set

I've got Radius authentication setup and it's working okay, but I also want to setup command authorization so I can control what commands an account is able to run.  I've setup a test account in freeradius:

test Cleartext-Password := "notsecure"
        Service-Type = Administrative-User,
        HP-Command-String = "",
        HP-Command-Exception = 1

and set aaa authorization commands radius on the switch (a procurve 2610).  Problem is despite the definition allowing all commands (and this works) it would appear "menu" doesn't work, I get the error "Not authorized to execute this command.".

Has anyone succesfully enabled radius command authorization and managed to retain access to the menu?

 

 

1 REPLY 1
Trusted Contributor

Re: Menu disabled when using aaa authorization commands radius set

Menu is a special command that you have to explicitly allow in the command list because it implies the user has full access to anything the menu can do.  To allow it:

test Cleartext-Password := "test"
     Service-Type = 6,
     HP-Command-String = "menu;.*"