- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: PC 5300 and MS IAS. Can't get rid of the web d...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2006 12:43 AM
тАО07-05-2006 12:43 AM
PC 5300 and MS IAS. Can't get rid of the web double login
I have configured a ProCurve 5308xl switch to authenticate users that want to use its web interface over RADIUS using the Microsoft Internet Authentication Service. Upon login into the web interface it asks for my user and password. When I supply my login credentials, a second password prompt (a java one) pops up and asks for my credentials a second time. I have read about that issue in the manual. The manual says that I have to toggle the "aaa authentication login privilege-mode" option on the switch to get rid of the second login but it won't work with me.
My aaa-related lines in the config are the following:
aaa authentication web login radius none
aaa authentication login privilege-mode
radius-server host aaa.bbb.ccc.ddd key mysecretkey
I tried to use both, the "web login" and "web enable" options alone and together but with no success.
In the IAS's ras policies profile options, I defined the "Service-Type" attribute to be "Administrative" as mentioned in the manual.
Right now I'm only running a config with the "... web enable radius ..." option set which will use radius authentication for actions which require the manager access level.
I'd really like to have one single password prompt which will get you into the web interface with manager rights.
What am I doing wrong?
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2006 01:03 AM
тАО07-05-2006 01:03 AM
Re: PC 5300 and MS IAS. Can't get rid of the web double login
The issue in this case I think is more simple - it's just a java / browser problem.
Even with just a basic operator/manager password only on the switch, I believe you'd get the same problem (I see it myself but I just accept that I have to put up with it). From memory when using the Microsoft VM I never saw this issue.
Les also mentioned it at the bottom of this thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1030556
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2006 02:07 AM
тАО07-05-2006 02:07 AM
Re: PC 5300 and MS IAS. Can't get rid of the web double login
I have tried this with one of my 5300 switches.I used the following config:
aaa authentication web login radius
aaa authentication web enable radius
aaa authenication login privilege-mode
And my config at the IAS:
Policy conditions:
Windows-Groups matches "switch-admins" AND
Service-Type matches "Administrative OR NAS Prompt"
In the profile, under Advanced:
Login-LAT-Service -> Telnet
Service-Type -> Administrative
With this it works for telnet and web login
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2006 02:31 AM
тАО07-05-2006 02:31 AM
Re: PC 5300 and MS IAS. Can't get rid of the web double login
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2006 09:24 PM
тАО07-05-2006 09:24 PM
Re: PC 5300 and MS IAS. Can't get rid of the web double login
@Werner: Yeah, my config is similar and seems to be working fine except for the web interface. Which JRE version are you running?
BTW: "Login-LAT-Service"? Doesn't it have to be "Login-Service"?
@Les: I'm not using any proxies in my testing environment. I have upgraded the JRE from 1.4.2_06 to 1.5.0_02 but it still doesn't work the way it should.