IMC: Backup fails with AAA enabled

 
MichaelM55
Trusted Contributor


Hello,

I just recognized that backup with IMC isn't working after enabling AAA/RADIUS based login on the switch. It seems I'm missing something.

Let's look at the switch configuration (HP A5500-EI, Software Version 5.20 Release 2221P20):

#
 domain default enable system
#
acl number 2201 name NMS
 rule 5 permit source 10.10.2.1 0 
 rule 10 deny
#
radius scheme RADIUS-Server
 primary authentication 10.10.1.1 key cipher SomeHashedPassword
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain mydomain.com
 authentication default radius-scheme RADIUS-Server
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
local-user admin
 password cipher SomeHashedPassword
 authorization-attribute level 3
 service-type lan-access
 service-type ssh telnet terminal
 service-type ftp
 service-type portal
 service-type web
local-user RADIUSuser
 authorization-attribute level 3
 service-type lan-access
 service-type ssh telnet terminal
 service-type ftp
 service-type portal
 service-type web
local-user manager
 password cipher SomeHashedPassword
 authorization-attribute level 2
 service-type telnet terminal
local-user monitor
 password cipher SomeHashedPassword
 authorization-attribute level 1
 service-type telnet terminal
#
 snmp-agent
 [...]
 snmp-agent sys-info version v3
 snmp-agent group v3 v3Group write-view ViewDefault notify-view ViewDefault acl 2201
 snmp-agent target-host trap address udp-domain 10.10.2.1 params securityname HP_v3 v3 privacy
 snmp-agent usm-user v3 HP_v3 v3Group cipher authentication-mode sha SomeHashedPassword privacy-mode aes128 SomeHashedPassword acl 2201
#
 ssh server enable
 sftp server enable
#
user-interface aux 0
 authentication-mode password
 set authentication password cipher $cSomeHashedPassword 
user-interface vty 0 15
 authentication-mode scheme
#

  • With Putty/SSH I can happily login with user admin@system
  • With Putty/SSH I can happily login with user RADIUSuser@mydomain.com
  • IMC/SNMP works without any problems (screenshot: IMC-SNMP.png)
  • IMC+SSH works with user admin@system and RADIUSuser@mydomain.com, e.g. (screenshot: IMC-SSH.png)
  • Let's run "Configuration File Backup Result" within the "Configuration Center" (screenshot: IMC-backup.png)
  • What does the switch tell me with "dis log rev":

    06:06:53:884 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=49-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
    06:06:52:803 2015 SW47 CFGMAN/5/CFGMAN_CFGCOPY: -OptType=6-OptTime=10103-OptState=14-OptEndTime=23434564; Configuration is copied.
    06:05:11:725 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=48-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
    06:05:10:645 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=47-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
    06:05:09:911 2015 SW47 CFGMAN/5/CFGMAN_CFGCOPY: -OptType=3-OptTime=10326-OptState=14-OptEndTime=23424275; Configuration is copied.
    06:03:45:251 2015 SW47 CFGMAN/5/CFGMAN_EXIT: Exit from configuration mode.
    06:03:26:616 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=46-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
    05:59:52:144 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection.
    05:59:52:135 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1.
    05:59:40:936 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1.
    05:59:40:826 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
    05:59:40:800 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:59:40:799 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:59:40:796 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:59:40:795 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:59:40:794 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:59:40:793 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:59:27:087 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection.
    05:59:27:078 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1.
    05:59:15:849 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1.
    05:59:15:740 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
    05:59:15:723 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:59:15:721 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:59:15:719 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:59:15:718 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:59:15:716 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:59:15:715 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:59:06:125 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection.
    05:59:06:115 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1.
    05:58:54:912 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1.
    05:58:54:805 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
    05:58:54:787 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:58:54:786 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:58:54:783 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:58:54:782 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
    05:58:54:781 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
    05:58:54:780 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.

 

  • Interestingly, backup is running without any problems on other A5500-EI switches where only a normal "admin" user (without any RADIUS, additional domains configuration) is being configured. So it seems I'm missing something?
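
An added example, not part of the original post: a small parser for the `dis log rev` format shown above that reports, per user, the ISP domain, the AAA scheme, which AAA phases were launched and which succeeded, and the SSH source IP. The sample lines are constructed; the RADIUSuser lines and the scheme text "radius-scheme" are assumptions, since the post only shows logins for admin@system.

```python
import re

# Constructed sample in the format of the "dis log rev" output above (newest first).
# The RADIUSuser lines and the scheme text "radius-scheme" are assumptions.
SAMPLE = """\
05:59:40:826 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
05:59:40:796 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:40:795 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:40:794 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:40:793 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:58:10:102 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= radius-scheme-Service=login-UserName=RADIUSuser@mydomain.com; AAA launched.
05:58:10:101 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= radius-scheme-Service=login-UserName=RADIUSuser@mydomain.com; AAA is successful.
05:58:10:100 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= radius-scheme-Service=login-UserName=RADIUSuser@mydomain.com; AAA launched.
"""

LINE = re.compile(r"^\s*\S+ \d{4} \S+ \w+/\d/(\w+): (.*)$")
LOGIN = re.compile(r"user (\S+) \(IP: ([\d.]+)\) logged in successfully")

def parse_fields(body):
    """Split '-Key=value-Key=value; text' only on hyphens that start a Key=,
    so a hyphen inside a value (e.g. 'radius-scheme') is preserved."""
    pairs = re.split(r"-(?=[A-Za-z]+=)", body.split(";", 1)[0])
    return {k: v.strip() for k, v in (p.split("=", 1) for p in pairs if "=" in p)}

def aaa_summary(text):
    """Per user: ISP domain, schemes, AAA phases launched/succeeded, SSH source IPs."""
    users = {}
    def entry(name):
        return users.setdefault(name, {
            "domain": name.rpartition("@")[2] if "@" in name else None,
            "schemes": set(), "launched": set(), "succeeded": set(), "ips": set()})
    for raw in text.splitlines():
        if not (m := LINE.match(raw)):
            continue
        mnemonic, body = m.groups()
        if mnemonic in ("SC_AAA_LAUNCH", "SC_AAA_SUCCESS"):
            f = parse_fields(body)
            u = entry(f["UserName"])
            u["schemes"].add(f["AAAScheme"])
            u["launched" if mnemonic.endswith("LAUNCH") else "succeeded"].add(f["AAAType"])
        elif mnemonic == "SSH_LOGIN" and (hit := LOGIN.search(body)):
            entry(hit.group(1))["ips"].add(hit.group(2))
    return users

def incomplete(users):
    """Users with an AAA phase that was launched but never reported success."""
    return {n: sorted(u["launched"] - u["succeeded"])
            for n, u in users.items() if u["launched"] - u["succeeded"]}
```
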
1 REPLY
LindsayHill
Honored Contributor

Re: IMC: Backup fails with AAA enabled

My guess is that the script isn't handling the extra '@' very well.  What do you see in the imccfgbakdm logfiles?