- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: SSH users don't have full permission to config...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2017 07:02 PM
09-25-2017 07:02 PM
SSH users don't have full permission to configure H3c Switches through ssh using free radius
dear all
i'm new member here and really need help from you all. my company bought many H3c Switches and use them with Cisco switches we also use a freeradius server to authenticate ssh user for both types of switch. cisco switches work well but H3c switches don't work well. it's successful to login but have no permission to configure it.
more details.
switches models : H3C Comware Platform Software
Comware Software, Version 5.20.99, Release 1108
Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S5024PV2-EI-PWR uptime is 7 weeks, 0 day, 1 hour, 28 minutes
H3C S5024PV2-EI-PWR
128M bytes DRAM
32M bytes Flash Memory
Config Register points to Flash
Hardware Version is REV.A
Bootrom Version is 110
[SubSlot 0] 24GE+4SFP Hardware Version is REV.A
i already configure radius scheme for it with the followin content :
radius scheme 2000
primary authentication 172.19.16.12
primary accounting 172.19.16.12
key authentication cipher $c$3$FLwitDuepyryEo99M8/mX4QfJLaJ
key accounting cipher $c$3$Ihu/Owx+stq0yxjWPxj6Pyxbu7wn
user-name-format without-domain
nas-ip 172.19.3.182
#
domain 2000
authentication default radius-scheme 2000
authorization default radius-scheme 2000
accounting default radius-scheme 2000
authentication login radius-scheme 2000 local
authorization login radius-scheme 2000 local
accounting login radius-scheme 2000 local
authorization command local
here is the user's information i declare on freeradius ( centos 6.6 final)
boss Cleartext-Password := "boss"
Service-Type = NAS-Prompt-User,
H3C-Exec-Privilege = "3",
Login-Service = 50,
Cisco-AVPair = "shell:roles=network-operator"
and here is the result when i ssh to h3c switches. in fact i'm successful to access the switch but have no permission to configure just have permission to use display command.
<FacB_H3C_Parking_187>?
User view commands:
cluster Run cluster command
display Display current system information
ping Ping function
quit Exit from current command view
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function
<FacB_H3C_Parking_187>
can annyone have the same problem ? please help me
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2017 03:22 AM
09-26-2017 03:22 AM
Re: SSH users don't have full permission to configure H3c Switches through ssh using free radius
Change the Cisco-AVPair attribute in FreeRadius from "shell:roles=network-operator" to "shell:roles=network-admin"