- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- WEB UI RADIUS login on HPE FlexFabric 5940 Switch
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2020 05:53 AM
тАО04-28-2020 05:53 AM
Hello,
I'm trying to figure out how to configure the switch to use a FreeRADIUS server to authenticate administrative users login via ssh console and http/https web interface.
I can log in via ssh using remote authentication, but when I try with the web interface login fails, unless I revert back to local authentication.
Switch configuration:
[...]
radius nas-ip 192.168.0.35
#
radius scheme freeradius
primary authentication 192.168.0.250
primary accounting 192.168.0.250
key authentication cipher $c$3$xx8togAIeqxrv48t+KNFZOIzHK59vs4spTAC
key accounting cipher $c$3$1Qf5ykeNjfyxHHjlyfgBJgtYAIUVRXs0wNJ7
user-name-format keep-original
nas-ip 192.168.0.35
#
domain system
authentication login radius-scheme freeradius local
authorization login radius-scheme freeradius local
accounting login none
#
domain default enable system
[...]
FreeRADIUS user configuration:
test Crypt-Password := "$1$oR8zS6aH$ZtHIp6RyZgq35ugkKBe37/"
Service-Type = Administrative-User,
Login-Service = 50,
Cisco-AVPair = "shell:roles\"network-admin\"",
Cisco-AVPair += "shell:priv-lvl-15"
Can anyone help me?
Thanks in advance,
L.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2020 06:28 AM
тАО04-28-2020 06:28 AM
SolutionHello!
Web GUI is not officially supported method for managing this switch. You see it by yourself how limited and underdeveloped it is and it is so because R&D decided to drop it and what has been left is far from perfect.
However, just in sake of curiosity if you really want that Web GUI, you can try two options (without any promise that they will work since the feature is not supported):
1. Do not send RADIUS attribute 15 (Login-Service) at all.
2. Configure "attribute 15 check-mode loose" under the radius-scheme context and make your RADIUS sending "Login-Service=0" in Access-Accept messages. This command will force the switch to match the standard Login-Service attribute value 0 for SSH, FTP, and terminal services. Chances are it will be accepted for the Web GUI as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2020 07:46 AM
тАО04-28-2020 07:46 AM
Re: WEB UI RADIUS login on HPE FlexFabric 5940 Switch
Your first solution did the job
Thank you so much, Ivan!