- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: GbE2c and RADIUS Management Auth failing
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2009 05:52 AM
тАО08-03-2009 05:52 AM
GbE2c and RADIUS Management Auth failing
I am struggling to get a HP cClass GbE2c blade switch using RADIUS to authenticate administrators. I have a Windows 2003 IAS setup for RADIUS.
I have configured the switch and can see it talking to the server, plus the credentials are successfully authenticated and a reply sent back. However the user is disconnected from SSH immediately after this or the web interface just prompts for credentials again.
I guess I am missing a "Service-Type" or other attribute that the switch wants to see in the reply but can find no inforamtion on what the RADIUS attributes should be in the profile.
I have tried the standard "Service-Type" attribute as the value "Administrative" but it does not work.
Can anbody help?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2009 06:56 AM
тАО08-03-2009 06:56 AM
Re: GbE2c and RADIUS Management Auth failing
In IAS, you need to add a Service type:
Service-Type | Value | Client Access Level
--------------------------------------------
Administrative | 6 | Manager
NAS-Prompt | 7 | Operator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2009 07:18 AM
тАО08-03-2009 07:18 AM
Re: GbE2c and RADIUS Management Auth failing
Are there vendor specific values required for these switches? I don't know what values I would enter though.
M
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 01:18 AM
тАО08-05-2009 01:18 AM
Re: GbE2c and RADIUS Management Auth failing
can see it talking to the server, plus the credentials are successfully authenticated and a reply sent back
<<<
double-check the "shared secret" configured between GbE2c and the IAS.
if different, this logs only a few times at first connection between radius client and IAS in the windows eventlog.
all other are logged "authenticated" because packets from radius client are succesfully sent to IAS and authenticated at the user-database (AD), but the response from the IAS to the radius-client (the switch) cannot be "decoded" because of mismatched shared secret.
(may be seen by on cisco using
"debug aaa authentication" + "debug radius authentication" don't know exact syntax on procurve)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2009 07:18 AM
тАО08-05-2009 07:18 AM
Re: GbE2c and RADIUS Management Auth failing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2009 02:14 AM
тАО08-06-2009 02:14 AM
Re: GbE2c and RADIUS Management Auth failing
I guess I am missing a "Service-Type" or other attribute that the switch wants to see in the reply but can find no inforamtion on what the RADIUS attributes should be in the profile.
Psosible values for the Service-Type AVP:
! Service Types
VALUE Service-Type Login-User 1
VALUE Service-Type Framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7
VALUE Service-Type Authenticate-Only 8
VALUE Service-Type Callback-NAS-Prompt 9
VALUE Service-Type Call-Check 10
VALUE Service-Type Callback-Administrative 11
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2009 02:59 AM
тАО08-06-2009 02:59 AM
Re: GbE2c and RADIUS Management Auth failing
mentions attributes on page-20
Pieter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-07-2009 06:14 AM
тАО08-07-2009 06:14 AM
Re: GbE2c and RADIUS Management Auth failing
from the GbE2c Application Guide :
>> # /cfg/sys/sshd/on
>> # /cfg/sys/sshd/ena (Enable SCP apply and save)
SSHD# apply (Apply the changes to start generating RSA host and server keys)
NOTE: Secure Shell can be configured using the console port only. SSH menus do not display if you access the GbE2 Interconnect Switch using Telnet or the Browser-Based Interface.
When the SSH server is first enabled and applied, the GbE2 Interconnect Switch automatically generates the RSA host and server keys and is stored in the flash memory.
To configure RSA host and server keys, first connect to the GbE2 Interconnect Switch console connection (commands are not available via Telnet connection), and enter the following commands to generate them manually:
>> # /cfg/sys/sshd/hkeygen (Generates the host key)
>> # /cfg/sys/sshd/skeygen (Generates the server key)
These two commands take effect immediately without the need of an apply command.