Extreme Networks

Forrest_Darst · ‎11-14-2014

Has anyone successful setup command Authorization through a windows radius server?

I'm using NPS on Server 2012 and would like to start adding command that our tech can use. So far I can only grant Admin or User access through Radius. I found the documentation for setting this up through FreeRadius, but I can't seem to get it working with Windows.

digiwar · ‎06-17-2015

Yes, that's basically where I got stuck as well 🙂

Ronald_Dvorak · ‎06-17-2015

OK, might be that I'm wrong.

In the Extreme XOS Concept Guide 15.4 they talk about "Configuring Command Authorization"...

"If command authorization is disabled, the user has full access to all CLI commands.
If commandauthorization is enabled, each command the user enters is accepted or rejected based on the content of the profiles file on the RADIUS server.
For more information on RADIUS server configuration for command authorization, see Configuring Command Authorization (RADIUS Profiles)."

Unfortunately the link to "see Configuring Command Authorization (RADIUS Profiles)." in the document isn't working so I haven't found a configuration example.

-Ron

digiwar · ‎06-17-2015

Yes, I'm starting to think it might not be possible.
But then what is the point of the Extreme VSAs 201 and 202, i.e. Extreme-CLI-Authorization & Extreme-Shell-Command?

Ronald_Dvorak · ‎06-17-2015

AFAIK that is not possible with Windows RADIUS.
Normaly that kind of different command level access is done with TACACS.

-Ron

digiwar · ‎06-17-2015

Hi,

No, not really. Administrator access is not the issue.
I want a specific user to have the right to only specific commands, specifically 'show configuration'.

Best regards,
Daniel

Extreme Networks

Configuring command authorization using Windows Radius

Configuring command authorization using Windows Radius