I've got a 5900 firmware 7.2 and I'm trying to get SSH to work. I've set it up with FreeRadius and I'm able to SSH in however the accounts have no permissions. I can get into system-view but I'm unable to do anything other that use the 'display' command.
Config:
----------------
user-interface vty 0 15
authentication-mode scheme
user-role network-admin
protocol inbound ssh
#
ssh server enable
#
radius scheme rad
primary authentication $IPADDRESS
primary accounting $IPADDRESS
key authentication cipher $KEY
key accounting cipher $KEY
user-name-format keep-original
#
domain system
authentication login radius-scheme rad
authorization login radius-scheme rad
#
domain default enable system
#
role default-role enable
FreeRadius:
----------------------
ADMIN1 Auth-Type = System
Service-Type = Administrative-User,
Login-Service = 50,
Huawei-Exec-Privilege = 3
ADMIN2 Cleartext-Password := "password"
Service-Type += Login-User,
Login-Service += SSH,
H3C-Exec_Privilege = 3,
3Com-User-Access-Level = 3Com-Administrator
--------
I've tried both ADMIN1 and ADMIN2 but I get the same issue. I can SSH in, get to system-view but I keep getting "Permission Denied" whenever I try to execute commands (Ping, Edit Radius Scheme etc)
How do I give these accounts network-admin access? This radius configurartin works fine on a 10500 we have but an earlier version that doesn't have 'roles'.
Thanks!
