06-17-2014 06:18 AM
User roles with AAA through Radius authentication HP A series
Hello there,
Currently we are implementing AAA for authentication on our network devices. Before implementing I tested the configuration on an HP A-5120, an HP Procurve3500 and some Cisco switches. Microsoft NPS acts as the radius server.
In my PoC everything was accepted so I proceeded to the implementation in the production network at the main site. I started with a HP A5830. This is where the problem started.
While all the configuration is identical to the perfectly working PoC, I cannot seem to get the right privilege levels in the production.
I tried to authenticate through the radius server in the PoC so the same already proven policy was used but that did not change anything. The only difference is the type of switch HP A5120 vs HP A5830.
Did I forget something in my configuration?
The HP A5830 config is:
domain default enable domain.local
radius scheme radius
 primary authentication 10.1.17.1
 secondary authentication 10.1.17.2
 primary accounting 10.1.17.1
 secondary accounting 10.1.17.2
 key authentication KEY
 key accounting KEY
 user-name-format without-domain
domain domain.lan
 authentication default radius-scheme radius
 authorization default radius-scheme radius
 authentication login radius-scheme radius
 accounting login radius-scheme radius
user-interface vty 0 15
 acl 2022 inbound
 authentication-mode scheme
 user privilege level 3
 idle-timeout 60 0
Any help would be kindly appreciated.
Thanks,
Avi
06-19-2014 11:56 PM
Re: User roles with AAA through Radius authentication HP A series
Hello,
I'm not sure if it's on purpose, but it looks like you did not configure authorization in the radius scheme
e.g.
radius scheme radius
primary authorization 10.1.17.1
secondary authorization 10.1.17.2
quit
!
also, you enable the default domain as domain.local
(domain default enable domain.local)
but it's in your domain "domain.lan" that you use the radius scheme "radius".
maybe you need to try to set the default domain to domain.lan.
also remember to enable the ssh server if you want to use ssh.
ssh server enable
regards
Søren Dideriksen
Region Midtjylland
07-01-2014 10:01 PM
Re: User roles with AAA through Radius authentication HP A series
Hello,
If I understand correctly, AAA authentication works, only you can't get the right privilege level.
I had the same problem with A5820. My switches have Comware v5. So:
1. In the radius scheme radius you have to write "server-type extended"
2. Provide correct privilege level in the Radius. You should add Vendor-Specific attribute: Vendor code - 25506, value - the privilege level you want.
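
The Vendor-Specific attribute described in the reply above, as an added example that is not part of the original thread: it builds the RFC 2865 attribute for vendor code 25506 and checks a captured Access-Accept attribute list for it. Sub-attribute number 29, the 4-byte integer encoding, the 0-3 level range and all function names are assumptions not stated in the thread; the sample bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26          # RFC 2865 attribute type for Vendor-Specific
VENDOR_ID = 25506             # vendor code quoted in the reply
EXEC_PRIVILEGE_SUBTYPE = 29   # assumption: sub-attribute carrying the privilege level


def vsa(vendor_id, subtype, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([subtype, 2 + len(value)]) + value
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def build_privilege_vsa(level):
    """Privilege level as a 4-byte integer (assumed Comware v5 range 0-3)."""
    if not 0 <= level <= 3:
        raise ValueError("privilege level must be 0-3")
    return vsa(VENDOR_ID, EXEC_PRIVILEGE_SUBTYPE, struct.pack("!I", level))


def iter_tlvs(buf):
    """Walk type/length/value triples; length counts the 2 header bytes."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        kind, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad attribute length")
        yield kind, buf[i + 2:i + length]
        i += length


def privilege_levels(attrs):
    """Return every privilege level carried for VENDOR_ID in an attribute list."""
    levels = []
    for kind, value in iter_tlvs(attrs):
        if kind != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != VENDOR_ID:
            continue  # another vendor's VSA, e.g. one meant for a different switch type
        for subtype, subvalue in iter_tlvs(value[4:]):
            if subtype == EXEC_PRIVILEGE_SUBTYPE and len(subvalue) == 4:
                levels.append(struct.unpack("!I", subvalue)[0])
    return levels


# Constructed sample: Service-Type=Login, a vendor-9 VSA, then the 25506 VSA.
SAMPLE_ATTRS = (bytes([6, 6]) + struct.pack("!I", 1)
                + vsa(9, 1, b"shell:priv-lvl=15") + build_privilege_vsa(3))
```

An empty list from `privilege_levels` on a captured Access-Accept means the policy is not sending the vendor 25506 attribute at all, which separates a server-side policy gap from a switch-side parsing issue.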