Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

Peter_Debruyne · ‎03-18-2014

Hi Dirk,

The domain system is missing the accounting configuration for the "login" application. This may be a difference in default value compared to the previous release.

Anyway, I verified your config (failed in my setup as well), but when the accounting for login is configured, it works.

I my sample setup, I used radius accounting (which is not configured in your example). If you do not want the accounting, configure:

domain system

accounting login none

Then it works,

Best regards,Peter.

verpoest · ‎03-19-2014

Hi Peter,

Thank you for the feedback. I will change my config next monday. and I let you know what the result is.

But when the issue is caused by the accounting then :

I do not understand the way HP is implementing undocumented features changes !

this is for me a major issue. why ? our customer runs release 2210 in production with telnet/ssh radius authentication without the accounting . Why configure accounting when you do not need it.

after upgrade to 2307, we did not have any remote access anymore to our network. luckily we did not configere yet radius authentication on the console port.

It bothers me that HP change the authentication concept and not mentioned in the release notes!

What guarantee do we have that this is the only concept change is in release 2307?

Let me be clear I do not shoot on the pianist. I do appreciate your effort and you knowledge.

regards

cpatino29 · ‎01-21-2015

I was having the same issue after upgrading to version 7.1 r2311p03. Setting the accouting to none under my domain config fix the problem. Thank you for posting this.

sdide · ‎01-21-2015

hi,

Just for the record - I ran into the exact same problem during an upgrade on a production unit, where I had to issue a command after the upgrade ... The time-window for the upgrade involved more units. Since out oob management was not up in that location yet, I had to grab the console cable and go to the switches which were luckily in close proximity.

Could have been a mess ...

Not cool that HP changes things with no mention in the release notes.

Regards

Søren Dideriksen, Network Administrator
Region Midtjylland

spgsitsupport · ‎10-13-2016

I did follow:

https://abouthpnetworking.com/2014/03/16/comware7-radius-based-rbac-user-role-assignment/#comment-5353

and I can not login via SSH, I never get to the prompt, it just sits there

Server 2012 R2 NPS (event log does not show anything for switch IP)

login as: seb@mydomain
seb@mydomain@10.0.1.190's password:

******************************************************************************
* Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

Any ideas anybody?

Thanks

Seb

spgsitsupport · ‎05-05-2017

The post I used missed (obviou when I re-read it) creation of Connection Request Policy!

Once that is done, auth works fine

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem