05-02-2013 08:34 AM
5900 v7.2 and Radius
I've got a 5900 with firmware 7.2 and I'm trying to get SSH to work. I've set it up with FreeRadius and I'm able to SSH in; however, the accounts have no permissions. I can get into system-view but I'm unable to do anything other than use the 'display' command.
Config:
----------------
user-interface vty 0 15
 authentication-mode scheme
 user-role network-admin
 protocol inbound ssh
#
ssh server enable
#
radius scheme rad
 primary authentication $IPADDRESS
 primary accounting $IPADDRESS
 key authentication cipher $KEY
 key accounting cipher $KEY
 user-name-format keep-original
#
domain system
 authentication login radius-scheme rad
 authorization login radius-scheme rad
#
domain default enable system
#
role default-role enable

FreeRadius:
----------------------
ADMIN1 Auth-Type = System
    Service-Type = Administrative-User,
    Login-Service = 50,
    Huawei-Exec-Privilege = 3
ADMIN2 Cleartext-Password := "password"
    Service-Type += Login-User,
    Login-Service += SSH,
    H3C-Exec_Privilege = 3,
    3Com-User-Access-Level = 3Com-Administrator
--------
I've tried both ADMIN1 and ADMIN2 but I get the same issue. I can SSH in, get to system-view but I keep getting "Permission Denied" whenever I try to execute commands (Ping, Edit Radius Scheme etc).
How do I give these accounts network-admin access? This radius configuration works fine on a 10500 we have but an earlier version that doesn't have 'roles'.
Thanks!
05-29-2013 01:05 PM
Re: 5900 v7.2 and Radius
Hi,
You should return the attribute Cisco-AVPair. For example:
Cisco-AVPair += "shell:roles=network-admin"
Don't use H3C-Exec_Privilege and/or 3Com-User-Access-Level in the return to the 5920. It will not work when you combine "old" and "new". Good luck!
Best regards,
Sander Ruiter
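
An added example, not part of the original posts: a small Python check that reads a FreeRADIUS users-file fragment and flags entries that return no `shell:roles` Cisco-AVPair, or that combine it with the legacy privilege attributes named in this thread. The parser is simplified (unindented line starts an entry, indented lines are reply items) and the sample entries are constructed from the thread for illustration.

```python
import re

# Legacy privilege attributes named in the thread, spelled as posted there.
LEGACY = {"Huawei-Exec-Privilege", "H3C-Exec_Privilege", "3Com-User-Access-Level"}
ITEM_RE = re.compile(r'([\w-]+)\s*(\+=|:=|==|=)\s*("[^"]*"|[^,\s]+)')
ROLE_RE = re.compile(r"shell:roles=(.+)$")

# Constructed sample: legacy only, old and new mixed, role attribute only.
SAMPLE = '''\
ADMIN1 Auth-Type = System
    Service-Type = Administrative-User,
    Huawei-Exec-Privilege = 3
ADMIN2 Cleartext-Password := "password"
    Cisco-AVPair += "shell:roles=network-admin",
    H3C-Exec_Privilege = 3
ADMIN3 Cleartext-Password := "password"
    Service-Type = Login-User,
    Cisco-AVPair += "shell:roles=network-admin"
'''

def parse_users(text):
    """Map user name -> reply items. Simplified: an unindented line starts an
    entry (its check items are ignored); indented lines hold reply items."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            current = line.split()[0]
            entries[current] = []
        elif current is not None:
            for attr, _op, value in ITEM_RE.findall(line):
                entries[current].append((attr, value.strip('"')))
    return entries

def audit(text):
    # Per user: roles granted via Cisco-AVPair and any problems in the reply list.
    report = {}
    for user, items in parse_users(text).items():
        roles = [m.group(1) for a, v in items
                 if a == "Cisco-AVPair" and (m := ROLE_RE.match(v))]
        legacy = sorted({a for a, _ in items if a in LEGACY})
        issues = [] if roles else ["no shell:roles reply"]
        if roles and legacy:
            issues.append("mixes roles with legacy: " + ", ".join(legacy))
        report[user] = {"roles": roles, "issues": issues}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```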