11-10-2022 10:21 AM
I'm trying to find a way to create a new user with a specific new role locally at EFA, but I'm expecting to use a command as in SLX CLI where we can specify the username, password and role. Is there a way to do that at EFA?
11-11-2022 06:22 AM
Alberto,
Yes, this is possible. The actual Username and Password should be set up on the Linux subsystem first (TPVM, OVA, or StandAlone):
sudo useradd Alberto
sudo passwd Alberto
Within EFA we first designate that this user is permitted to use CLI:
(efa:extreme)extreme@tpvm1:~$ efa auth client register --name Alberto --type cli
Then we map the Role to the user:
(efa:extreme)extreme@tpvm1:~$ efa auth rolemapping add --name Alberto --role SystemAdmin --type user
Here is a list of the current roles:
(efa:extreme)extreme@tpvm1:~$ efa rbac role show
+-----------------+--------------------------------------------------------------+
| Name            | Description                                                  |
+-----------------+--------------------------------------------------------------+
| NetworkOperator | Views Fabric configurations and Inventory related            |
|                 | information and also all Ecosystem related information.      |
|                 | Cannot make any changes in the system.                       |
+-----------------+--------------------------------------------------------------+
| SystemAdmin     | Complete privileges to all operations in the system          |
+-----------------+--------------------------------------------------------------+
| ServiceAdmin    | Internal role with limited privileges to service operations  |
|                 | in the system and cannot be assigned to a user               |
+-----------------+--------------------------------------------------------------+
| FabricAdmin     | Registers devices to fabric, Configures fabric parameters,   |
|                 | Validate all the devices in the fabric and configure         |
|                 | switches for IP Fabric with/without overlay. Also has        |
|                 | privileges to create tenants, creates networks inside        |
|                 | tenants (VRFs, EPGs, POs etc). Also has privileges to        |
|                 | policy, openstack, hyperv, vcenter operations. Performs      |
|                 | fabric debug activities.                                     |
+-----------------+--------------------------------------------------------------+
| SecurityAdmin   | Performs user management, PKI and key management operations  |
|                 | in the system.                                               |
+-----------------+--------------------------------------------------------------+
| SystemDebugger  | Performs Support Save, System Backup operations. Has         |
|                 | privileges to fabric debug operations. Set debug level for   |
|                 | services. Has privileges to collect execution logs from the  |
|                 | services.                                                    |
+-----------------+--------------------------------------------------------------+
You should now be able to log in with the new user:
extreme@tpvm1:~$ efa login --username Alberto --password password
Login successful.
--- Time Elapsed: 222.627744ms ---
(efa:Alberto)extreme@tpvm1:~$
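The steps in the answer above, collected into one helper that refuses a role the table marks as not assignable and lets the operator pick the narrowest role that fits instead of SystemAdmin. This is an added example, not part of the original post or Extreme's tooling; the function names, the username pattern and the return codes are assumptions, while the commands and role names are the ones shown in this thread.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Role names copied from the `efa rbac role show` output in this thread.
# ServiceAdmin is left out: that output says it cannot be assigned to a user.
ASSIGNABLE_ROLES="NetworkOperator SystemAdmin FabricAdmin SecurityAdmin SystemDebugger"

# efa_user_plan USER ROLE   (hypothetical helper name)
# Prints the four commands in order.
# Returns 2 for a rejected username, 3 for a role that is not assignable.
efa_user_plan() {
  local user="$1" role="$2" r ok=1
  # Assumed conservative pattern: nothing but letters, digits, '_', '.', '-'
  # reaches useradd or efa, and the name cannot start with '-'.
  case "$user" in
    ""|-*|*[!A-Za-z0-9_.-]*) echo "invalid username: $user" >&2; return 2 ;;
  esac
  for r in $ASSIGNABLE_ROLES; do
    if [ "$r" = "$role" ]; then ok=0; fi
  done
  if [ "$ok" -ne 0 ]; then
    echo "role not assignable to a user: $role" >&2
    return 3
  fi
  printf '%s\n' \
    "sudo useradd $user" \
    "sudo passwd $user" \
    "efa auth client register --name $user --type cli" \
    "efa auth rolemapping add --name $user --role $role --type user"
}

# efa_user_apply USER ROLE   (hypothetical helper name)
# Runs the plan step by step and stops at the first failure.
# The plan is read on fd 3 so passwd can still prompt on stdin.
efa_user_apply() {
  local plan line
  plan="$(efa_user_plan "$1" "$2")" || return $?
  while IFS= read -r line <&3; do
    echo "+ $line"
    $line || return 1   # word-splitting is safe: the username was validated
  done 3<<EOF
$plan
EOF
}
```

Source the file, review the output of `efa_user_plan Alberto NetworkOperator`, then call `efa_user_apply` with the same arguments from a shell that is already logged in to EFA as an administrator.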
11-11-2022 06:55 AM
Thanks a lot Michael, I was not able to find anywhere the part about adding a Linux user; that was the missing step. Now I'm able to log in with my new user 🙂