Comware Based

Re: 3com 4500 ssh user via radius not getting privelege

New Member

3com 4500 ssh user via radius not getting privelege


radius scheme work

 server-type standard

 primary authentication

 accounting optional

 key authentication ***

 user-name-format without-domain


domain work 

 scheme radius-scheme work

 access-limit enable 10 

domain system 



 ssh user user1@work authentication-type password
 ssh user user1@work service-type stelnet

user-interface vty 0 4
 authentication-mode scheme 
 protocol inbound ssh
 user privilege level 3



When logging into ssh i get only commands:


User view commands:

  cluster  Run cluster command

  display  Display current system information

  ping     Ping function

  quit     Exit from current command view

  super    Set the current user priority level

  telnet   Establish one TELNET connection

  tracert  Trace route function


Why i can't  use system-view, and the other commands?




Occasional Advisor

Re: 3com 4500 ssh user via radius not getting privelege


add „H3C-Exec_Privilege“ to /usr/share/freeradius/dictionary.h3c . It should look like:

# Dictionary for Huawei-3Com. See also dictionary.huawei


# "">


# $Id: dictionary.h3c,v 1.2 2007/09/20 17:07:08 aland Exp


VENDOR H3C 25506


ATTRIBUTE H3C-Connect_Id 26 integer

ATTRIBUTE H3C-Exec_Privilege 29 integer

ATTRIBUTE H3C-NAS-Startup-Timestamp 59 integer

ATTRIBUTE H3C-Ip-Host-Addr 60 string

ATTRIBUTE H3C-Product-ID 255 string


Then in dictionary.rfc2865, search for „Login Services“ and add the two lines (52 = ftp?):

VALUE Login-Service 3com-50 50

VALUE Login-Service 3com-52 52


In /etc/raddb/users add your 3c4500 administrator account:

3c4500admin Cleartext-Password := „XXXXXXXX“

Service-Type += Login-User,

Login-Service += Telnet,

Login-Service += 3com-50,

H3C-Exec_Privilege = 3,

3Com-User-Access-Level = 3Com-Administrator


Restart your radius server and login with user 3c4500admin and see if it works.


Juergen Northe