HPE Community
Comware Based
1823913 Members
3506 Online
109667 Solutions
New Discussion

.dct File for Radius Configuration

 
L1nklight
Valued Contributor

‎10-14-2015 10:42 AM

‎10-14-2015 10:42 AM

.dct File for Radius Configuration

Hey all, I was wondering if HP created an official DCT file for radius server use. I am currently working with RSA SecurID Authentication Manager's built in radius server and I would like to pass back privilege levels to my HP A Series (JG237A and JG225A) after accounts are authenticated. I do have access to a 3comswitch.dct out of the box, but it appears to be old and uses an attribute that I have not found to be listed as a valid privilege attribute. 

 

The existing .dct file has the attribute listed to be "3Com-User-Access-Level" however in both H3C and some other various internet resources I have seen the following values:

 

  • Huawei-Exec-Privilege
  • H3C-Exec-Privilege

The meat and potatoes of the .dct file looks like this:

 

################################################################################
# 3comswitch.dct - 3Com SuperStack II 3900 LAN Stackable Switch dictionary
# (See README.DCT for more details on the format of this file)
################################################################################
# Created 01/25/01 ECA
#
# Use the Radius specification attributes in lieu of the 3com ones
#
@radius.dct

#
# Define additional 3Com Enterprise Network VSA parameters
# (add 3Com SS3900 specific attributes below)
# 3Com Vendor Id (vid)=43

ATTRIBUTE	3Com-User-Access-Level	26	[vid=43 type1=1 len1=6 data=integer] r
VALUE		3Com-User-Access-Level		Administrator		3
VALUE		3Com-User-Access-Level		Manager-(write)		2
VALUE		3Com-User-Access-Level		Monitor-(read)		1

################################################################################
# 3comswitch.dct - 3Com SuperStack II 3900 dictionary
################################################################################

I figure the A series .dct file would look similar. Anyone have any ideas?

 

The basic premise of this is that I want to use radius authentication on my switches. My switches will send the local authentication request to the radius server, which will then look at Active Directory as RSA SecurID Authentication Manager integrates the two technologies inherently. Once the user is authenticated to the group, I want to send back to the switch the approval for use and the level at which the user has access in this case privilege level 3 (Full Admin). 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.