5900 v7.2 and Radius

Joey_joejoe · ‎05-02-2013

I've got a 5900 firmware 7.2 and I'm trying to get SSH to work. I've set it up with FreeRadius and I'm able to SSH in however the accounts have no permissions. I can get into system-view but I'm unable to do anything other that use the 'display' command.

Config:

----------------

user-interface vty 0 15
authentication-mode scheme
user-role network-admin
protocol inbound ssh

#

ssh server enable

#

radius scheme rad
primary authentication $IPADDRESS
primary accounting $IPADDRESS
key authentication cipher $KEY
key accounting cipher $KEY
user-name-format keep-original

#

domain system
authentication login radius-scheme rad
authorization login radius-scheme rad

#

domain default enable system

#

role default-role enable

FreeRadius:

----------------------

ADMIN1 Auth-Type = System
Service-Type = Administrative-User,
Login-Service = 50,
Huawei-Exec-Privilege = 3

ADMIN2 Cleartext-Password := "password"
Service-Type += Login-User,
Login-Service += SSH,
H3C-Exec_Privilege = 3,
3Com-User-Access-Level = 3Com-Administrator

--------

I've tried both ADMIN1 and ADMIN2 but I get the same issue. I can SSH in, get to system-view but I keep getting "Permission Denied" whenever I try to execute commands (Ping, Edit Radius Scheme etc)

How do I give these accounts network-admin access? This radius configurartin works fine on a 10500 we have but an earlier version that doesn't have 'roles'.

Thanks!

SRuiter · ‎05-29-2013

Hi,

You should return the attribute Cisco-AVPair. For example:

Cisco-AVPair += "shell:roles=network-admin"

Don't use H3C-Exec_Privilege and/or 3Com-User-Access-Level in the return to the 5920. It will not work when you combine "old" and "new". Good luck!

Best regards,

Sander Ruiter

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

5900 v7.2 and Radius

5900 v7.2 and Radius

Re: 5900 v7.2 and Radius