HPE Community
IMC
1753943 Members
8917 Online
108811 Solutions
New Discussion

IMC: Backup fails with AAA enabled

 
MichaelM55
Trusted Contributor

‎12-03-2015 11:58 PM - edited ‎12-03-2015 11:59 PM

‎12-03-2015 11:58 PM - edited ‎12-03-2015 11:59 PM

IMC: Backup fails with AAA enabled

Hello,

I just recognized that backup with IMC isn´t working after enabling AAA/RADIUS based login on the switch. It seems I´m missing something.

Let´s look at the switch configuration (HP A5500-EI, Software Version 5.20 Release 2221P20)

#
 domain default enable system
#
acl number 2201 name NMS
 rule 5 permit source 10.10.2.1 0 
 rule 10 deny
#
radius scheme RADIUS-Server
 primary authentication 10.10.1.1 key cipher SomeHashedPassword
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain mydomain.com
 authentication default radius-scheme RADIUS-Server
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
local-user admin
 password cipher SomeHashedPassword
 authorization-attribute level 3
 service-type lan-access
 service-type ssh telnet terminal
 service-type ftp
 service-type portal
 service-type web
local-user RADIUSuser
 authorization-attribute level 3
 service-type lan-access
 service-type ssh telnet terminal
 service-type ftp
 service-type portal
 service-type web
local-user manager
 password cipher SomeHashedPassword
 authorization-attribute level 2
 service-type telnet terminal
local-user monitor
 password cipher SomeHashedPassword
 authorization-attribute level 1
 service-type telnet terminal
#
 snmp-agent
 [...]
 snmp-agent sys-info version v3
 snmp-agent group v3 v3Group write-view ViewDefault notify-view ViewDefault acl 2201
 snmp-agent target-host trap address udp-domain 10.10.2.1 params securityname HP_v3 v3 privacy
 snmp-agent usm-user v3 HP_v3 v3Group cipher authentication-mode sha SomeHashedPassword privacy-mode aes128 SomeHashedPassword acl 2201
#
 ssh server enable
 sftp server enable
#
user-interface aux 0
 authentication-mode password
 set authentication password cipher $cSomeHashedPassword 
user-interface vty 0 15
 authentication-mode scheme
#
    • With Putty/SSH I can happily login with user admin@system
    • With Putty/SSH I can happily login with user RADIUSuser@mydomain.com
    • IMC/SNMP works without any problems:
    • IMC-SNMP.png
      • IMC+SSH works with user admin@system and RADIUSuser@mydomain.com, e.g.:

IMC-SSH.png

  • Let´s run "Configuration File Backup Result" within the "Configuration Center":
  • IMC-backup.png
  • What does the switch tell me with "dis log rev":
  • 06:06:53:884 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=49-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
06:06:52:803 2015 SW47 CFGMAN/5/CFGMAN_CFGCOPY: -OptType=6-OptTime=10103-OptState=14-OptEndTime=23434564; Configuration is copied.
06:05:11:725 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=48-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
06:05:10:645 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=47-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
06:05:09:911 2015 SW47 CFGMAN/5/CFGMAN_CFGCOPY: -OptType=3-OptTime=10326-OptState=14-OptEndTime=23424275; Configuration is copied.
06:03:45:251 2015 SW47 CFGMAN/5/CFGMAN_EXIT: Exit from configuration mode.
06:03:26:616 2015 SW47 CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=46-CommandSource=2-ConfigSource=3-ConfigDestination=2; Configuration is changed.
05:59:52:144 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection.
05:59:52:135 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1.
05:59:40:936 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1.
05:59:40:826 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
05:59:40:800 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:40:799 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:40:796 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:40:795 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:40:794 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:40:793 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:27:087 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection.
05:59:27:078 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1.
05:59:15:849 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1.
05:59:15:740 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
05:59:15:723 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:15:721 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:15:719 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:15:718 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:15:716 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:59:15:715 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:59:06:125 2015 SW47 SSH/6/SSH_CONNECTION_CLOSE: STEL user admin@system (IP: 10.10.2.1) logged out because the SSH client closed the connection.
05:59:06:115 2015 SW47 SHELL/5/SHELL_LOGOUT: admin@system logged out from 10.10.2.1.
05:58:54:912 2015 SW47 SHELL/5/SHELL_LOGIN: admin@system logged in from 10.10.2.1.
05:58:54:805 2015 SW47 SSH/6/SSH_LOGIN: STEL user admin@system (IP: 10.10.2.1) logged in successfully.
05:58:54:787 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:58:54:786 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=ACCOUNT-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:58:54:783 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:58:54:782 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHOR-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.
05:58:54:781 2015 SW47 SC/6/SC_AAA_SUCCESS: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
05:58:54:780 2015 SW47 SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA launched.

 

  • Interestingly, backup is running without any problems on other A5500-EI switches where only a normal "admin" user (without any RADIUS, additional domains configuration) is being configured. So it seems I´m missing something?
0 Kudos
1 REPLY 1
LindsayHill
Honored Contributor

‎12-04-2015 01:37 PM

‎12-04-2015 01:37 PM

Re: IMC: Backup fails with AAA enabled

My guess is that the script isn't handling the extra '@' very well.  What do you see in the imccfgbakdm logfiles?

__
@northlandboy
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.