ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Menu disabled when using aaa authorization commands radius set

lwhitworth
Occasional Visitor

Menu disabled when using aaa authorization commands radius set

I've got Radius authentication setup and it's working okay, but I also want to setup command authorization so I can control what commands an account is able to run.  I've setup a test account in freeradius:

test Cleartext-Password := "notsecure"
        Service-Type = Administrative-User,
        HP-Command-String = "",
        HP-Command-Exception = 1

and set aaa authorization commands radius on the switch (a procurve 2610).  Problem is despite the definition allowing all commands (and this works) it would appear "menu" doesn't work, I get the error "Not authorized to execute this command.".

Has anyone succesfully enabled radius command authorization and managed to retain access to the menu?

 

 

1 REPLY
Michael Patmon
Trusted Contributor

Re: Menu disabled when using aaa authorization commands radius set

Menu is a special command that you have to explicitly allow in the command list because it implies the user has full access to anything the menu can do.  To allow it:

test Cleartext-Password := "test"
     Service-Type = 6,
     HP-Command-String = "menu;.*"