remote console only works for user account admin

  • 0
  • 3
  • Problem
  • Updated 2 weeks ago
Hi,

is it FAD that the remote console feature works only with the user account admin but not with other user accounts that have rw access ?!

Other rw users don't get a connect to the AP..... tested with latest v10.41



-Ron
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb

Posted 1 month ago

  • 0
  • 3
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
Hello Ron

I would assume it is FAD yes. It makes sense correct, once you are in the AP you are admin rights.  
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
Hi Craig,

sorry I think I've decribed it very poorly :-)

I'm able to use the feature with the default controller GUI account "admin".

It doesn't work with any other controller GUI account that has Full Administrator (read-write) privilege (screenshot below).

In my opinion it should work with all accounts that are Full Admins on the controller.

But not a big deal I'd open a ticket to get the official answer.

Thanks,
Ron



Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
I agree with you if the user name has admin rights to the box it probably should work. But I will also tell you that this feature was added for GTAC techs only (notice service personal only). Engineering will not accept any escalations against any part of this feature. We already had somebody report the German keyboard does something else incorrect and the answer came back it is a feature for Extreme Support Personal to use as is. 
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
notice service personal only
I'm service personal :-)

But thanks, I'll give a ticket a try and let you know the result.
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
I understand you work on the product, many do, but Engineering should have worded it Extreme Employee Service Personal only as that was their intent. We "the Escalation Support Team" met with Engineering and requested features to make our jobs easier. This was one of the features they added for us. 
I know what the result will be. The tickets become escalations and those end with me and my group and everybody in my group knows what I told you above. No escalation on this feature will be accepted. But by all means if you are bored, create a ticket.  
Photo of SH

SH

  • 4,112 Points 4k badge 2x thumb
Hello Craig,

It's incredible. You (Extreme) introduce a very nice feature which helps a lot with daily troubleshooting at our customers (all of my collagues use CLI access to the APs). 
But development defines this as troubleshooting tool only for GTAC, this does not make sense in my opinion. Especially because of this feature is available at wing since a long time. I know the official speaking is that all settings can be done via GUI, but I work with the controller solution since 2008 and access to the AP directly has always been necessary (e. g. to check if all settings done via GUI are available on the AP or do check the ap.log live, to change the authipaddr, ...)

Therefore in my opinion Extreme should reconsider the classification of this function. Especially since she is already here.

Best regards
Stephan
Photo of SH

SH

  • 4,112 Points 4k badge 2x thumb
Hello,

I agree with Ron. It is necessary that the feature is available for all Admin user not only for the default "admin".
Because of we are using Radius (NAC) for Login management at the most of our customers and every "admin" user has an own login.

Best regards
Stephan
Photo of Rio Grande

Rio Grande

  • 62 Points
I don't get it too, why this nice feature should be left to "service personnel" only? If there would be no other chance to get (SSH) access to the APs, then it would be ok for "security" reasons.
But due the fact, everybody knows the SSH credentials, it's nothing else then implementing some uncomfortableness...

Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
We can open a C4 feature request and see what they say? That is the best I can offer? Sorry guys don't hate the messenger, I am just telling you about how this feature is currently seen by Engineering. 
Photo of SH

SH

  • 4,112 Points 4k badge 2x thumb
Hello Craig,

we do not hate the messenger :-) ! It's good to know how the Engineering sees this function. 

Best regards
Stephan
(Edited)
Photo of SH

SH

  • 4,112 Points 4k badge 2x thumb
Hello Ron,

did you already create an FR?

Best regards
Stephan
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,884 Points 20k badge 2x thumb
Hi,

no I didn't.

BR,
Ron
Photo of SH

SH

  • 4,112 Points 4k badge 2x thumb
Hello,

I created an FR.

Best regards
Stephan
Photo of Tomasz

Tomasz

  • 868 Points 500 badge 2x thumb
I believe it is also in GTAC's interest to have this worked out, as some customer might not allow to use 'admin' account for remote sessions, right?
Aand some gtacknowledge article on this 'issue' would explain Extreme's point of view and do the work, whatever that point of view is.
(Edited)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
On the controller it would make sense to only use the admin account if you work for the GTAC as that is the only account that allow shell access via the CLI.

That is why I normaly reserve the admin account for me/colleagues and create a new one for the customer.

This is another reason I'd prefer that all read/write accounts could use the remote console feature.