Comware Based

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

 
SOLVED
Go to solution
Peter_Debruyne
Honored Contributor
Solution

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

Hi Dirk,

 

The domain system is missing the accounting configuration for the "login" application. This may be a difference in default value compared to the previous release.

 

Anyway, I verified your config (failed in my setup as well), but when the accounting for login is configured, it works.

 

I my sample setup, I used radius accounting (which is not configured in your example). If you do not want the accounting, configure:

 

domain system

 accounting login none

 

Then it works,

 

Best regards,Peter.

 

verpoest
Occasional Advisor

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

Hi Peter,

 

Thank you for the feedback. I will change my config next monday. and I let you know what the result is.

 

But when the issue is caused by the accounting then :

 

I do not understand the way HP is implementing undocumented features changes !

this is for me a major issue. why ? our customer runs release 2210 in production with telnet/ssh radius authentication without the accounting . Why configure accounting when you do not need it.

after upgrade to 2307, we did not have any remote access anymore to our network. luckily we did not configere yet radius authentication on the console port.

It bothers me that HP change the authentication concept and not mentioned in the release notes!

What guarantee do we have that this is the only concept change is in release 2307?

 

Let me be clear I do not shoot on the pianist. I do appreciate  your effort and you knowledge.

regards

 

cpatino29
Occasional Visitor

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

I was having the same issue after upgrading to version 7.1 r2311p03. Setting the accouting to none under my domain config fix the problem. Thank you for posting this. 

sdide
Respected Contributor

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

hi,

Just for the record - I ran into the exact same problem during an upgrade on a production unit, where I had to issue a command after the upgrade ...  The time-window for the upgrade involved more units. Since out oob management was not up in that location yet, I had to grab the console cable and go to the switches which were luckily in close proximity.

 

Could have been a mess ...  

 

Not cool that HP changes things with no mention in the release notes.

 

Regards

 

Søren Dideriksen, Network Administrator
Region Midtjylland
spgsitsupport
Regular Advisor

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

I did follow:

https://abouthpnetworking.com/2014/03/16/comware7-radius-based-rbac-user-role-assignment/#comment-5353

and I can not login via SSH, I never get to the prompt, it just sits there

Server 2012 R2 NPS (event log does not show anything for switch IP)

login as: seb@mydomain
seb@mydomain@10.0.1.190's password:

******************************************************************************
* Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

 Any ideas anybody?

Thanks

Seb

 

 

spgsitsupport
Regular Advisor

Re: HP 5900 radius access authentication with comware 7.1.045 release 2307 : problem

The post I used missed (obviou when I re-read it) creation of Connection Request Policy!

Once that is done, auth works fine