- Re: Comware 7 RADIUS Question
04-03-2018 03:47 AM
So we have recently moved to Comware 7 switches. We are using 5130's and 5510's.
I have been fiddling for the last few days trying to get RADIUS up and running on them and I managed to just about get it working. What I have to do to have a successful logon is add the FQDN to the end of the username so it looks something like this - admin@domain.nhs.local
On my current Comware 5 switches, I do not have to do this. I also have a few Procurves and Ciscos about and they don't require it either.
Here is the RADIUS config I have on my test 5130 (I have obviously removed a few lines):
version 7.1.070, Release 3208P03
#
sysname RX219-ESW-18
#
irf domain 5130
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 32
#
port-security enable
port-security timer autolearn aging 5
#
ip unreachables enable
ip ttl-expires enable
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 100
 name [Management]
#
interface Vlan-interface1
 shutdown
#
interface Vlan-interface100
 description [Management-L3]
 ip address 192.168.0.2 255.255.255.0
#
line class aux
 user-role network-admin
#
line class vty
 user-role network-operator
#
line aux 0
 authentication-mode scheme
 user-role network-admin
#
line vty 0 63
 authentication-mode scheme
 user-role network-operator
#
ip route-static 0.0.0.0 0 192.168.0.1
#
ssh server enable
#
super password role network-admin hash XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#
radius scheme nhs
 primary authentication 192.168.0.3
 secondary authentication 192.168.0.4
 key authentication cipher XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 user-name-format without-domain
#
domain #
#
domain domain.nhs.local
 authentication login radius-scheme rx2 none
 authorization login radius-scheme rx2 none
 accounting login radius-scheme rx2 none
#
domain system
#
domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user Admin class manage
 password hash XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 service-type ssh terminal
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
return
Thanks for taking the time to look. It's not a show stopper, but it is really annoying :)
Dan
04-03-2018 04:07 AM
Solution
Hello
I think you should review your domain config on your switch. I have it working on one of my switches and the config looks like this:
radius scheme RadiusServer
 primary authentication 192.168.0.1
 key authentication cipher XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 user-name-format without-domain
#
radius scheme system
 user-name-format without-domain
#
domain system
 authentication login radius-scheme RadiusServer local
 authorization login radius-scheme RadiusServer local
 accounting login none
Hope this helps you further.
Kind regards
04-04-2018 04:31 AM
Re: Comware 7 RADIUS Question
We use this config on our 5900 switches (Comware 7).
radius nas-ip x.x.x.x (switch mgmt-IP)
#
radius scheme ourscheme
 primary authentication y.y.y.y (IP address of primary Radius server)
 primary accounting y.y.y.y
 secondary authentication z.z.z.z (IP address of secondary Radius server)
 secondary accounting z.z.z.z
 key authentication cipher <secretcode>
 key accounting cipher <secretcode>
 user-name-format without-domain
 nas-ip x.x.x.x (switch mgmt-IP)
#
radius scheme system
 user-name-format without-domain
#
domain ourdomain
 authentication login radius-scheme ourscheme
 authorization login radius-scheme ourscheme
 accounting login radius-scheme ourscheme
#
domain system
 accounting login none
#
domain default enable ourdomain
#
04-05-2018 02:18 AM
Re: Comware 7 RADIUS Question
Thanks so much for your replies. I made the assumption that the domain would like to be the same as our actual domain.
Thank you!
Dan
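Added example, not from any poster in this thread or from HPE: a short Python audit of the AAA lines discussed above. It reports when the default ISP domain has no RADIUS login method (the reason a bare username never reached RADIUS), when a domain references a RADIUS scheme that is not defined, and when authentication can end in `none`. The helper names `parse` and `audit` are hypothetical, and both sample configurations are constructed from the posts.

```python
import re
# Constructed samples: AAA lines from the first post (ASKER) and the accepted reply (FIXED).
ASKER = """radius scheme nhs
#
domain domain.nhs.local
 authentication login radius-scheme rx2 none
#
domain system
#
domain default enable system
"""
FIXED = """radius scheme RadiusServer
#
domain system
 authentication login radius-scheme RadiusServer local
"""

def parse(config):
    """Return (radius scheme names, {domain: [login method lines]}, default domain)."""
    schemes, domains, default, current = set(), {}, "system", None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"domain default enable (\S+)", line):
            default = m.group(1)
        elif m := re.fullmatch(r"radius scheme (\S+)", line):
            schemes.add(m.group(1))
        elif m := re.fullmatch(r"domain (\S+)", line):
            current = domains.setdefault(m.group(1), [])
        elif line == "#":
            current = None  # "#" closes the current view
        elif current is not None and re.match(r"\w+ login ", line):
            current.append(line)
    return schemes, domains, default

def audit(config):
    """Heuristic AAA findings (illustrative helper, not HPE tooling)."""
    schemes, domains, default = parse(config)
    out = []
    if not any("radius-scheme" in ln for ln in domains.get(default, [])):
        out.append(f"default domain '{default}' has no RADIUS login method: "
                   "RADIUS users must log in as user@<other-domain>")
    for name, lines in domains.items():
        refs = {w[3] for w in map(str.split, lines)
                if len(w) > 3 and w[2] == "radius-scheme"}
        out += [f"domain '{name}': radius scheme '{r}' is not defined"
                for r in sorted(refs - schemes)]
        if any(ln.startswith("authentication login") and ln.endswith(" none")
               for ln in lines):
            out.append(f"domain '{name}': authentication can fall through to 'none'")
    return out
```

`audit(ASKER)` returns three findings and `audit(FIXED)` returns an empty list; the parser also accepts the unindented form of the configuration, since it tracks views by their header lines and `#` separators.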