WEB UI RADIUS login on HPE FlexFabric 5940 Switch

poIng · ‎04-28-2020

Hello,

I'm trying to figure out how to configure the switch to use a FreeRADIUS server to authenticate administrative users login via ssh console and http/https web interface.

I can log in via ssh using remote authentication, but when I try with the web interface login fails, unless I revert back to local authentication.

Switch configuration:

[...]
 radius nas-ip 192.168.0.35
#
radius scheme freeradius
 primary authentication 192.168.0.250
 primary accounting 192.168.0.250
 key authentication cipher $c$3$xx8togAIeqxrv48t+KNFZOIzHK59vs4spTAC
 key accounting cipher $c$3$1Qf5ykeNjfyxHHjlyfgBJgtYAIUVRXs0wNJ7
 user-name-format keep-original
 nas-ip 192.168.0.35
#
domain system
 authentication login radius-scheme freeradius local
 authorization login radius-scheme freeradius local
 accounting login none
#
 domain default enable system
[...]

FreeRADIUS user configuration:

test Crypt-Password := "$1$oR8zS6aH$ZtHIp6RyZgq35ugkKBe37/"
        Service-Type = Administrative-User,
        Login-Service = 50,
        Cisco-AVPair = "shell:roles\"network-admin\"",
        Cisco-AVPair += "shell:priv-lvl-15"

Can anyone help me?

Thanks in advance,

L.

Ivan_B · ‎04-28-2020

Hello!

Web GUI is not officially supported method for managing this switch. You see it by yourself how limited and underdeveloped it is and it is so because R&D decided to drop it and what has been left is far from perfect.

However, just in sake of curiosity if you really want that Web GUI, you can try two options (without any promise that they will work since the feature is not supported):

1. Do not send RADIUS attribute 15 (Login-Service) at all.
2. Configure "attribute 15 check-mode loose" under the radius-scheme context and make your RADIUS sending "Login-Service=0" in Access-Accept messages. This command will force the switch to match the standard Login-Service attribute value 0 for SSH, FTP, and terminal services. Chances are it will be accepted for the Web GUI as well.

I am an HPE employee

poIng · ‎04-28-2020

Your first solution did the job

Thank you so much, Ivan!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

WEB UI RADIUS login on HPE FlexFabric 5940 Switch

WEB UI RADIUS login on HPE FlexFabric 5940 Switch

Re: WEB UI RADIUS login on HPE FlexFabric 5940 Switch

Re: WEB UI RADIUS login on HPE FlexFabric 5940 Switch