05-02-2013 08:34 AM
5900 v7.2 and Radius
I've got a 5900 firmware 7.2 and I'm trying to get SSH to work. I've set it up with FreeRadius and I'm able to SSH in; however, the accounts have no permissions. I can get into system-view but I'm unable to do anything other than use the 'display' command.
Config:
----------------
user-interface vty 0 15
 authentication-mode scheme
 user-role network-admin
 protocol inbound ssh
#
ssh server enable
#
radius scheme rad
 primary authentication $IPADDRESS
 primary accounting $IPADDRESS
 key authentication cipher $KEY
 key accounting cipher $KEY
 user-name-format keep-original
#
domain system
 authentication login radius-scheme rad
 authorization login radius-scheme rad
#
domain default enable system
#
role default-role enable
FreeRadius:
----------------------
ADMIN1 Auth-Type = System
    Service-Type = Administrative-User,
    Login-Service = 50,
    Huawei-Exec-Privilege = 3
ADMIN2 Cleartext-Password := "password"
    Service-Type += Login-User,
    Login-Service += SSH,
    H3C-Exec_Privilege = 3,
    3Com-User-Access-Level = 3Com-Administrator
--------
I've tried both ADMIN1 and ADMIN2 but I get the same issue. I can SSH in, get to system-view but I keep getting "Permission Denied" whenever I try to execute commands (Ping, Edit Radius Scheme etc).
How do I give these accounts network-admin access? This radius configuration works fine on a 10500 we have, but that is an earlier version that doesn't have 'roles'.
Thanks!
05-29-2013 01:05 PM
Re: 5900 v7.2 and Radius
Hi,
You should return the attribute Cisco-AVPair. For example:
Cisco-AVPair += "shell:roles=network-admin"
Don't use H3C-Exec_Privilege and/or 3Com-User-Access-Level in the return to the 5920. It will not work when you combine "old" and "new". Good luck!
Best regards,
Sander Ruiter
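An added example, not part of the original thread and not HPE or FreeRADIUS tooling: a small Python check over a FreeRADIUS users file that classifies each entry by what it returns for authorization, following the reply's point that the legacy privilege attributes and `shell:roles` must not be combined. The sample entries (ADMIN3, ADMIN4, passwords) and all function names are constructed for illustration, and the parser assumes reply items are indented under the user line.

```python
import re

# Legacy privilege-level attributes named in the thread (spelled as posted there).
LEGACY = {"Huawei-Exec-Privilege", "H3C-Exec_Privilege", "3Com-User-Access-Level"}
ITEM_RE = re.compile(r'\s*([\w\-]+)\s*(?:\+=|:=|=)\s*(.*?),?\s*$')
ROLE_RE = re.compile(r'shell:roles=(.+)')   # only the form shown in the reply

def parse_users(text):
    """Return {user: [(attribute, value), ...]} for the indented reply items."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # unindented line starts a new entry
            current = line.split()[0]
            entries[current] = []
        elif current and (m := ITEM_RE.match(line)):
            entries[current].append((m.group(1), m.group(2).strip('"')))
    return entries

def audit(entries):
    """Classify each entry as role, legacy-only, mixed or no-authorization."""
    report = {}
    for user, items in entries.items():
        roles = [r for a, v in items if a == "Cisco-AVPair"
                 for m in [ROLE_RE.search(v)] if m for r in m.group(1).split()]
        legacy = sorted({a for a, _ in items if a in LEGACY})
        status = ("mixed" if roles and legacy else "role" if roles
                  else "legacy-only" if legacy else "no-authorization")
        report[user] = {"status": status, "roles": roles, "legacy": legacy}
    return report

# Constructed sample: ADMIN2 as posted, ADMIN3 role only, ADMIN4 old and new combined.
SAMPLE = '''\
ADMIN2 Cleartext-Password := "password"
    Service-Type += Login-User,
    H3C-Exec_Privilege = 3,
    3Com-User-Access-Level = 3Com-Administrator
ADMIN3 Cleartext-Password := "password"
    Cisco-AVPair += "shell:roles=network-admin"
ADMIN4 Cleartext-Password := "password"
    Cisco-AVPair += "shell:roles=network-admin",
    H3C-Exec_Privilege = 3
'''

if __name__ == "__main__":
    for user, result in audit(parse_users(SAMPLE)).items():
        print(user, result)
```

Entries reported as `role` with `network-admin` are also the list to review when checking who holds full administrative access on the switch.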