Header Only - DO NOT REMOVE - Extreme Networks

SSH users with RADIUS authentication not getting administrator privileges


Userlevel 1
Thanks Patrick

I have problems with SSH2 authentication on summitX-in version 16.1.3.6 16.1.3.6 1-2.cos-patch-patch 1.2. When authenticates about Radius with a user who has administrator permissions not let modify read-only changes. Version may have problem?

This the more information about firmware last intalled
# sh ver images
Card Partition Installation Date Version Name Branch
------------------------------------------------------------------------------
Switch primary Fri Nov 7 18:35:13 UTC 2014 15.5.3.4 summitX450-15.5.3.4.xos v1553b4
Switch secondary Thu Apr 14 10:13:01 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2.xos 16.1.3.6-patch1-2
Switch secondary Thu Apr 14 10:15:20 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2-ssh.xmod 16.1.3.6-patch1-2

Note: This conversation was created from a reply on: NO MESSAGE DECODE; Missing component "AAA.RADIUS" v38.1.

14 replies

Userlevel 6
Hello Jairo,

Was this working in the past and suddenly stopped working? If the user is not getting the correct permissions but is authenticating it is typically a server issue. Have you looked at the server side to make sure they are matching on the correct policies?
Hi Jairo,

Have you made sure to add the VSA for administrator rights into the RADIUS server?

____________

On the radius server a normal user is needed for User access. If the user needs admin rights on the switch the following needs to be added to the radius user.Service-Type = Administrative-User[/code]LINK: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-RADIUS-authentication-for...
Userlevel 1
Radius authentication Radius Server is on a Windows 2012, there may be incompatibility of servers?
Userlevel 6
Was this ever working?
Userlevel 1
shared configuration Radius over switch x440-24p

configure radius mgmt-access primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "A configure radius netlogin primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius netlogin primary shared-secret encrypted "A enable radius mgmt-access
enable radius netlogin
create account admin rbarajas encrypted "$5$uhfPAK$UY6SRctk4CLrJrLqHnM5C"
Userlevel 6
Hello Jairo,

Did the Radius setup ever work properly or is this a new setup?
Userlevel 1
We have the same configuration of Radius 800 switches more but with version 15.3.3.5 v1533b5-patch1-6
Userlevel 1
This equipment is new and installation is new. Quizimos try this new firmware and only works Telnet.
Jairo Rojas Herrera wrote:

This equipment is new and installation is new. Quizimos try this new firmware and only works Telnet.

Hi Jairo,

Is the same user that is having trouble in 15.6 able to work in 15.3?
Is the SSH module downloaded and installed on the switches with 15.6?
Has SSH2 been enabled in the switches with 15.6?

Can you post a 'show management' from the switch?
Userlevel 1
Jairo Rojas Herrera wrote:

This equipment is new and installation is new. Quizimos try this new firmware and only works Telnet.

The problem is with the version 16.1.3.6 Patch 1-2 when required to manage the switch by SSH2 not allowed to enter as administrator only shows reading options.
Userlevel 1
The problem is with the version 16.1.3.6 Patch 1-2 when required to manage the switch by SSH2 not allowed to enter as administrator only shows reading options.
Userlevel 6
Hello Jairo,

Brad is asking if the same user experiences the same issue on a different switch.
Userlevel 1
Not only have we proven this to be installed as new. Tomorrow we will be testing with other devices
Userlevel 7
You may find some additional helpful information in this thread:
https://community.extremenetworks.com/extreme/topics/radius-authentication-configuring-switch-x440-a...

Reply