remote console only works for user account admin


Userlevel 7
Hi,

is it FAD that the remote console feature works only with the user account admin but not with other user accounts that have rw access ?!

Other rw users don't get a connect to the AP..... tested with latest v10.41



-Ron

15 replies

Userlevel 5
Hello Ron

I would assume it is FAD yes. It makes sense correct, once you are in the AP you are admin rights.
Userlevel 7
Hi Craig,

sorry I think I've decribed it very poorly 🙂

I'm able to use the feature with the default controller GUI account "admin".

It doesn't work with any other controller GUI account that has Full Administrator (read-write) privilege (screenshot below).

In my opinion it should work with all accounts that are Full Admins on the controller.

But not a big deal I'd open a ticket to get the official answer.

Thanks,
Ron

Userlevel 5
I agree with you if the user name has admin rights to the box it probably should work. But I will also tell you that this feature was added for GTAC techs only (notice service personal only). Engineering will not accept any escalations against any part of this feature. We already had somebody report the German keyboard does something else incorrect and the answer came back it is a feature for Extreme Support Personal to use as is.
Userlevel 7

notice service personal only

I'm service personal 🙂

But thanks, I'll give a ticket a try and let you know the result.
Userlevel 5
Ron wrote:

notice service personal only

I'm service personal 🙂

But thanks, I'll give a ticket a try and let you know the result.

I understand you work on the product, many do, but Engineering should have worded it Extreme Employee Service Personal only as that was their intent. We "the Escalation Support Team" met with Engineering and requested features to make our jobs easier. This was one of the features they added for us.
I know what the result will be. The tickets become escalations and those end with me and my group and everybody in my group knows what I told you above. No escalation on this feature will be accepted. But by all means if you are bored, create a ticket.
Userlevel 5
Ron wrote:

notice service personal only

I'm service personal 🙂

But thanks, I'll give a ticket a try and let you know the result.

Hello Craig,

It's incredible. You (Extreme) introduce a very nice feature which helps a lot with daily troubleshooting at our customers (all of my collagues use CLI access to the APs).
But development defines this as troubleshooting tool only for GTAC, this does not make sense in my opinion. Especially because of this feature is available at wing since a long time. I know the official speaking is that all settings can be done via GUI, but I work with the controller solution since 2008 and access to the AP directly has always been necessary (e. g. to check if all settings done via GUI are available on the AP or do check the ap.log live, to change the authipaddr, ...)

Therefore in my opinion Extreme should reconsider the classification of this function. Especially since she is already here.

Best regards
Stephan
Userlevel 5
Hello,

I agree with Ron. It is necessary that the feature is available for all Admin user not only for the default "admin".
Because of we are using Radius (NAC) for Login management at the most of our customers and every "admin" user has an own login.

Best regards
Stephan
I don't get it too, why this nice feature should be left to "service personnel" only? If there would be no other chance to get (SSH) access to the APs, then it would be ok for "security" reasons.
But due the fact, everybody knows the SSH credentials, it's nothing else then implementing some uncomfortableness...
Userlevel 5
We can open a C4 feature request and see what they say? That is the best I can offer? Sorry guys don't hate the messenger, I am just telling you about how this feature is currently seen by Engineering.
Userlevel 5
Craig Guilmette wrote:

We can open a C4 feature request and see what they say? That is the best I can offer? Sorry guys don't hate the messenger, I am just telling you about how this feature is currently seen by Engineering.

Hello Craig,

we do not hate the messenger 🙂 ! It's good to know how the Engineering sees this function.

Best regards
Stephan
Userlevel 5
Hello Ron,

did you already create an FR?

Best regards
Stephan
Userlevel 7
SH wrote:

Hello Ron,

did you already create an FR?

Best regards
Stephan

Hi,

no I didn't.

BR,
Ron
Userlevel 5
Hello,

I created an FR.

Best regards
Stephan
Userlevel 4
I believe it is also in GTAC's interest to have this worked out, as some customer might not allow to use 'admin' account for remote sessions, right?
Aand some gtacknowledge article on this 'issue' would explain Extreme's point of view and do the work, whatever that point of view is.
Userlevel 7
Buiosu wrote:

I believe it is also in GTAC's interest to have this worked out, as some customer might not allow to use 'admin' account for remote sessions, right?
Aand some gtacknowledge article on this 'issue' would explain Extreme's point of view and do the work, whatever that point of view is.

On the controller it would make sense to only use the admin account if you work for the GTAC as that is the only account that allow shell access via the CLI.

That is why I normaly reserve the admin account for me/colleagues and create a new one for the customer.

This is another reason I'd prefer that all read/write accounts could use the remote console feature.

Reply