This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

This user does not have permissions for this command.

This user does not have permissions for this command.

Giuseppe_Montan
Contributor

ā€Ž12-16-2021 10:23 AM

Good Afternoon,

X440 connected to XMC/NAC used to autheticate the user for management login.

IF I try to connect to the switch with ssh the prompt is this :

X440_UP > and for any command I do I receive this error:

"This user does not have permissions for this command."

The problem is the connection to radius ( XMC/NAC ) but I do not know where ( I only upgraded to the last release XMC and NAC )

Thanks
Giuseppe
0 Kudos
18 REPLIES 18

Zdeněk_Pala
Extreme Employee

ā€Ž03-30-2022 05:42 AM

You are correct. this feature was enhanced in 16.x code and EXOS now supports both the original EXOS and EOS options.

This should give you Admin:
USER1 Cleartext-password := password
Service-Type = Administrative

This should give you Read Only:
USER2 Cleartext-password := password
Service-Type = Login
Regards Zdeněk Pala
0 Kudos

JASU
New Contributor

ā€Ž03-30-2022 04:35 AM

Thanks for your answer. However, I am not expert in this area of attribute interpretation into acceptable script by radius server. So can you guide me how the script should look like in the Users file for read-only user, and read-write user ?
I have ExtremeXOS version 16.2.2.4 & ExtremeXOS version 15.3.1.4 switches. 

By the way, when I used below syntax with 16.2 in the Users file, it was assigning the right privilege, ro/rw/su. But with 15.3, it always authorize user with read-only regardless of the keyword I use.


USER1 Cleartext-password := password
Filter-id = "Enterasys:version=1:mgmt=ro"
0 Kudos

Zdeněk_Pala
Extreme Employee

ā€Ž03-30-2022 03:13 AM

The MGMT access level to different OS depends on the radius attributes. The picture in my first response shows what attributes and what values should be used. Different response is expected by different OS.
Regards Zdeněk Pala
0 Kudos

JASU
New Contributor

ā€Ž03-30-2022 03:04 AM

I have the same issue but I am authenticating my users through Freeradius in linux. Below is attribute configuration.
How would I allow this user to run " Show configuration" for sake of taking regular backup ?

USER1 Cleartext-password := password
Filter-id = "Enterasys:version=1:mgmt=ro"
0 Kudos

Giuseppe_Montan
Contributor

ā€Ž12-17-2021 04:44 PM

Thanks for your help,
this evening I did a restore from a previous version and everything works apart that the rule that permit a login is not a rule "management login " but is the Default-Catch-rule.
I will check the next day

Thanks
Giuseppe
0 Kudos
GTM-P2G8KFN