10-22-2024 02:21 PM
We're successful in setting this up to the point we can authenticate via MFA on putty but we can't authenticate passed anything other than read only. We've set the Vendor ID to 1916 (Extreme Networks) and have attempted multiple VSA's - Vendor Specific Attributes combined with multiple values with no avail.
Has anyone done this with Okta? Does anyone know how to view the RADIUS dictionary on an Extreme switch without contact Extreme support?
We've tried these VSA and Value combinations, any others we should try or different syntax that works with Okta and EXOS?
"ATTRIBUTE Extreme-Login-Service 100 integer" with "VALUE Extreme-Service-Type System-Administrator 8"
"ATTRIBUTE Extreme-Service-Type 1 integer" with "VALUE Extreme-Service-Type Super-User 32768"
"ATTRIBUTE Extreme-Shell-Command 202 string" with "VALUE Extreme-Login-Service SSH 32"
10-23-2024 04:24 AM
Have you tried using the The standard RADIUS attribute Service-Type with a value of Administrative? The following documentation explains this: https://documentation.extremenetworks.com/switchengine_32.7.1/GUID-739FD162-2AE4-4E0E-878B-7DED2D5D0...
The very last paragraph states:
"Extreme Networks switches grant a RADIUS-authenticated user read-write privilege if a Service-Type value of 6 is transmitted as part of the Access-Accept message from the RADIUS server. Other Service-Type values or no value, result in the switch granting read-only access to the user."
10-24-2024 10:05 AM
Correct, we've tried a multitude of combinations from Administrative, Admin, administrative, admin; pretty much every combo listed here and then some: