
Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

 
Elmar Knipp
Advisor

Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

I have successfully configured user authentication for this switch with my Radius server. I want to give these users the admin role.

When these users log in, they only have the users role. The following message is displayed after a login with telnet:

Switch role not specified, use default.

My radius server sends back the flag

AVP: l=6 t=Service-Type(6): Administrative-User(6)

(checked with wireshark packet sniffer) but the switch seems to ignore this.

How can I configure the admin role?
8 REPLIES
cenk sasmaztin
Honored Contributor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Do you want to configure admin role users?

You must go to the Active Directory server and open Active Directory Users and Computers; on this page you see the user account.

To change the account role (user or admin),
double-click the user, go to the Member Of tab, and add this user to the administrator group on the server.

cenk

Elmar Knipp
Advisor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Cenk,

many thanks for the answer.

My radius server is not a Microsoft Active Directory Server. It is an RSA SecurID system, which has a built-in radius server. I have made the analogous configuration as you proposed with AD. And as written in my first post, the server answers with the flag "Administrative-User(6)" (which is defined in the RFC).

So why is the switch not using this flag?

Regards,
Elmar
cenk sasmaztin
Honored Contributor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Hi Elmar, sorry, I now understand.
Please send me the output of your switch's show tech command.

cenk

Elmar Knipp
Advisor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Cenk,

you are speaking of the command "configshow" of the switch? I can also run a "supportshow", but the output is 1,5 MBytes long ;-)

I have XXXXX-ed the radius secrets.

Elmar
cenk sasmaztin
Honored Contributor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Hi Elmar,
which switch model are you talking about?

cenk

cenk sasmaztin
Honored Contributor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Sorry Elmar, you have an HP SAN switch; I'm a ProCurve expert, sorry.
I can't help you.

cenk

Mike Celone
Frequent Advisor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Elmar, I am attempting to do the same thing. Were you ever able to get this figured out?
Mike
André Beck
Honored Contributor

Re: Radius and Brocade 4Gb SAN Switch for HP c-Class BladeSystem

Hi Elmar,

on Cisco IOS there is a similar pitfall in that configuring authentication (aaa authentication ...) is sufficient to get a login, but in order to actually get an elevated permission profile, you have to add authorization statements as well (aaa authorization ...). But the config you posted doesn't look like anything I've ever seen before and

> auth.policy:0
> auth.policy.dev:3

doesn't even reveal which of the first two As of AAA it's talking about or how it links to the configured RADIUS servers. So I can't help much but to point into this direction: look out for additional non-obvious authorization-related config options.

HTH,
Andre.