
3com 4500 ssh user via radius not getting privilege

 
michalq5p
New Member


 

radius scheme work
 server-type standard
 primary authentication 192.168.1.3
 accounting optional
 key authentication ***
 user-name-format without-domain
#
domain work
 scheme radius-scheme work
 access-limit enable 10
domain system

 ssh user user1@work authentication-type password
 ssh user user1@work service-type stelnet

user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
 user privilege level 3

 

 

When logging into ssh I get only these commands:

 

User view commands:
  cluster  Run cluster command
  display  Display current system information
  ping     Ping function
  quit     Exit from current command view
  super    Set the current user priority level
  telnet   Establish one TELNET connection
  tracert  Trace route function

 

Why can't I use system-view and the other commands?

 

 

 

jnorthe
Occasional Advisor

Re: 3com 4500 ssh user via radius not getting privilege

Hi

Add "H3C-Exec_Privilege" to /usr/share/freeradius/dictionary.h3c. It should look like:

# Dictionary for Huawei-3Com. See also dictionary.huawei
#
# http://www.h3c.com
#
# $Id: dictionary.h3c,v 1.2 2007/09/20 17:07:08 aland Exp
#
VENDOR H3C 25506

BEGIN-VENDOR H3C

ATTRIBUTE H3C-Connect_Id 26 integer
ATTRIBUTE H3C-Exec_Privilege 29 integer
ATTRIBUTE H3C-NAS-Startup-Timestamp 59 integer
ATTRIBUTE H3C-Ip-Host-Addr 60 string
ATTRIBUTE H3C-Product-ID 255 string

 

Then in dictionary.rfc2865, search for "Login Services" and add the two lines (52 = ftp?):

VALUE Login-Service 3com-50 50
VALUE Login-Service 3com-52 52

 

In /etc/raddb/users add your 3c4500 administrator account:

3c4500admin Cleartext-Password := "XXXXXXXX"
        Service-Type += Login-User,
        Login-Service += Telnet,
        Login-Service += 3com-50,
        H3C-Exec_Privilege = 3,
        3Com-User-Access-Level = 3Com-Administrator

 

Restart your radius server, log in with user 3c4500admin, and see if it works.

Regards

Juergen Northe
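
The following is an added example, not part of the original posts: a check that an Access-Accept payload (for instance one taken from a packet capture between the RADIUS server and the switch) actually carries H3C-Exec_Privilege, using vendor ID 25506 and attribute 29 from the dictionary in the reply. The function names are hypothetical, and the sample packets used to exercise it are constructed with a zeroed authenticator.

```python
import struct

H3C_VENDOR_ID = 25506      # "VENDOR H3C 25506" in dictionary.h3c
H3C_EXEC_PRIVILEGE = 29    # "ATTRIBUTE H3C-Exec_Privilege 29 integer"
VENDOR_SPECIFIC = 26       # RFC 2865 Vendor-Specific attribute type
ACCESS_ACCEPT = 2          # RFC 2865 packet code

def encode_int_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute holding a 32-bit integer."""
    sub = struct.pack("!BBI", vendor_type, 6, value)   # sub-type, sub-length, value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub

def build_accept(*attrs):
    """Constructed sample Access-Accept: header, zeroed authenticator, attributes."""
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

def iter_attributes(packet):
    """Yield (type, value) for each attribute after the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield packet[pos], packet[pos + 2:pos + alen]
        pos += alen

def exec_privilege(packet):
    """Return the H3C-Exec_Privilege value in an Access-Accept, or None if absent."""
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        return None
    for atype, value in iter_attributes(packet):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != H3C_VENDOR_ID:
            continue
        sub = value[4:]                      # vendor sub-attributes follow the vendor ID
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == H3C_EXEC_PRIVILEGE and sub[1] == 6:
                return struct.unpack("!I", sub[2:6])[0]
            sub = sub[sub[1]:]
    return None
```

A result of None for an accepted login means the server is not sending the attribute, which is the situation the reply's dictionary and users changes address.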