05-22-2015 12:06 AM - last edited on 05-25-2015 09:07 PM by Maiko-I
HP Procurve 2524, ssh authenticated with radius, couldn't login privilege mode automatically
As mentioned in the hardening white paper, on the RADIUS server:
Service-Type = 6 allows manager-level access
Service-Type = 7 allows operator-level access
A user with Service-Type not equal to 6 or 7 is denied access
A user with no Service-Type attribute supplied is denied access when privilege mode is enabled
Then configure the switch with the commands below:
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
The above configuration works fine for most of the switches, except the HP J4813A ProCurve Switch 2524, on which the command "aaa authentication login privilege-mode" is not available. So I have to log in twice before I get into the enable mode. What can I do to make it automatically enter privilege mode as on the other switches?
P.S. This thread has been moved from LAN Routing to ProCurve / ProVision-Based. - Hp Forum Moderator
05-22-2015 05:37 AM - edited 05-22-2015 05:39 AM
Re: HP Procurve 2524, ssh authenticated with radius, couldn't login privilege mode automatically
Hi all
I've configured a couple of switches for RADIUS use, and set up NPS on Windows Server 2008 R2.
The first switch, a 3500-24, works flawlessly. The second one (5412zl) is slightly different.
If I enable local authentication as the secondary authentication method, via:
aaa authentication ssh login peap-mschapv2 local
Then I don't appear to be being authenticated properly via RADIUS. Here's what happens:
1) Switch prompts for username, I enter my domain username, which works for the other switch
2) I am then taken straight to operator mode (> at each prompt), without being prompted for a password
3) I'll type enable, and the local password is required
If I then alter the config to this
aaa authentication ssh login peap-mschapv2 none
Then I am able to log into the switch with my AD credentials, just as it should do. However, I now no longer have a secondary means of authentication if the RADIUS server breaks.
Has anyone heard of this before? I am trying to avoid a firmware upgrade as this is a production switch. I just wonder if anyone can think of a reason for this happening, or if I'm doing something wrong.
Lisa
(Sky Support Manager)
05-22-2015 07:45 AM
Re: HP Procurve 2524, ssh authenticated with radius, couldn't login privilege mode automatically
I am able to get directly to the enable prompt (HP-5406-zl#) on a 5406 running K.15.16.0004 with these config parameters:
aaa authentication login privilege-mode
aaa authentication console login peap-mschapv2 local
aaa authentication console enable peap-mschapv2 local
aaa authentication ssh login peap-mschapv2 local
aaa authentication ssh enable peap-mschapv2 local
password manager
password operator
I configured the console with the same parameters as ssh so that I could test the secondary local login. When I disconnected the switch from the network, including the RADIUS server, this is what happened. Notice that the prompt is different depending on which authentication method the switch is using. Please Enter Login Name: = RADIUS and Username: = local.
Please Enter Login Name: eric
Please Enter Password:
Attempting to authenticate.
Attempting to authenticate.
Attempting to authenticate.
Attempting to authenticate.
Unable to authenticate user.
Username: admin
Password:
Your previous successful login (as manager) was on 2015-05-22 14:36:15 from the console
My guess is that you both are on older software. It is possible that the 2524s may not work even with a software update, as it is an older switch. But it might too; there was a software update a year ago. I checked the release notes for F.05.79 and didn't see anything related to RADIUS or authentication, but those release notes don't cover the whole life of the product. You might get your switch version and look at the release notes for every newer switch release.
If you need more, please let us know what software version you are running and if possible share the switch config.
05-25-2015 02:24 AM
Re: HP Procurve 2524, ssh authenticated with radius, couldn't login privilege mode automatically
I did upgrade to the latest version:
Image stamp: /sw/code/build/info
May 15 2014 18:20:03
F.05.79
1373
But I still can't get privilege mode automatically, and the command "aaa authentication login privilege mode" is not available either.
07-03-2016 12:05 PM
Re: HP Procurve 2524, ssh authenticated with radius, couldn't login privilege mode automatically
Did you find a solution to this issue?
I thought I'd seen the last of this problem, but am now working for a client who still uses 2524s.