SSH users with RADIUS authentication not getting administrator privileges

  • Question
  • Updated 3 years ago
  • Answered
Thanks Patrick

I have problems with SSH2 authentication on summitX version 16.1.3.6-patch1-2. When a user who has administrator permissions authenticates via RADIUS, the switch does not let them make changes; they get read-only access. Could the version have a problem?

This is more information about the firmware last installed:
# sh ver images
Card  Partition     Installation Date        Version     Name      Branch
------------------------------------------------------------------------------
Switch primary   Fri Nov 7 18:35:13 UTC 2014 15.5.3.4 summitX450-15.5.3.4.xos v1553b4
Switch secondary Thu Apr 14 10:13:01 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2.xos 16.1.3.6-patch1-2
Switch secondary Thu Apr 14 10:15:20 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2-ssh.xmod 16.1.3.6-patch1-2

Note: This conversation was created from a reply on: NO MESSAGE DECODE; Missing component "AAA.RADIUS" v38.1.
Jairo Rojas Herrera


Posted 3 years ago


Patrick Voss, Alum

Hello Jairo,

Was this working in the past and suddenly stopped working? If the user is not getting the correct permissions but is authenticating, it is typically a server issue. Have you looked at the server side to make sure they are matching on the correct policies?

Brad Parker, Technical Support Engineer

Hi Jairo,

Have you made sure to add the VSA for administrator rights into the RADIUS server?

____________

On the radius server a normal user is needed for User access. If the user needs admin rights on the switch the following needs to be added to the radius user.
Service-Type = Administrative-User
LINK: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-RADIUS-authentication-for...
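
One way to confirm what the RADIUS server actually sends back, as an added example that is not part of the thread: this decodes the attributes of an Access-Accept (for instance the UDP payload taken from a packet capture) and reports the Service-Type, so a reply without Administrative-User is visible on the server side. The function names and sample packets are constructed for illustration; attribute and code numbers are those of RFC 2865.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code, RFC 2865
SERVICE_TYPE = 6    # Service-Type attribute number, RFC 2865
# Value names as written in FreeRADIUS-style dictionaries
NAMES = {1: "Login-User", 2: "Framed-User", 6: "Administrative-User",
         7: "NAS-Prompt-User"}

def parse_attributes(packet: bytes):
    """Return [(type, value), ...] from a RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def service_type(packet: bytes):
    """Name of the Service-Type in an Access-Accept, or None if not sent."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    for atype, value in attrs:
        if atype == SERVICE_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            return NAMES.get(number, f"Unknown({number})")
    return None

def build_accept(attrs):
    """Constructed sample reply: zeroed authenticator, for offline testing only."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample packets (not captured from any real server)
ADMIN_REPLY = build_accept([(SERVICE_TYPE, struct.pack("!I", 6))])
LOGIN_REPLY = build_accept([(SERVICE_TYPE, struct.pack("!I", 1))])
BARE_REPLY = build_accept([(18, b"ok")])   # Reply-Message only, no Service-Type

if __name__ == "__main__":
    for label, pkt in [("admin", ADMIN_REPLY), ("login", LOGIN_REPLY), ("bare", BARE_REPLY)]:
        print(label, "->", service_type(pkt))
```
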

Jairo Rojas Herrera

The RADIUS authentication server is on Windows 2012. Could there be an incompatibility between servers?

Patrick Voss, Alum

Was this ever working?

Jairo Rojas Herrera

Sharing the RADIUS configuration on the x440-24p switch:

configure radius mgmt-access primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "A<d#ud0a0a41b?z"
configure radius netlogin primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius netlogin primary shared-secret encrypted "A<d#ud0a0a41b?z"
enable radius mgmt-access
enable radius netlogin
create account admin rbarajas encrypted "$5$uhfPAK$UY6SRctk4CLrJrLqHnM5C"

Patrick Voss, Alum

Hello Jairo,

Did the Radius setup ever work properly or is this a new setup?

Jairo Rojas Herrera

We have the same RADIUS configuration on 800 more switches, but with version 15.3.3.5 v1533b5-patch1-6.

Jairo Rojas Herrera

This equipment is new and the installation is new. We wanted to try this new firmware, and only Telnet works.

Brad Parker, Technical Support Engineer

Hi Jairo,

Is the same user that is having trouble in 15.6 able to work in 15.3?
Is the SSH module downloaded and installed on the switches with 15.6?
Has SSH2 been enabled in the switches with 15.6?

Can you post a 'show management' from the switch?

Jairo Rojas Herrera

The problem is with version 16.1.3.6 Patch 1-2: when managing the switch over SSH2, it is not possible to log in as administrator; only read options are shown.

Patrick Voss, Alum

Hello Jairo,

Brad is asking if the same user experiences the same issue on a different switch.

Jairo Rojas Herrera

No, we have only tested this one, which was installed as new. Tomorrow we will be testing with other devices.