Log into switch with LDAP credentials

Stephen_Stormon
Contributor
Currently, we are using accounts created on each switch in order to be able to log in.

We do have Extreme Management Center 8.x installed (we have NAC but don't have it fully configured/deployed yet) and have it configured so that users can log in to EMC with their LDAP credentials. I know that a user can then use the "Open Device Terminal" via EMC, but we want to know if it is possible (and how we would configure it) so that we can use LDAP accounts instead when they start up PuTTY and SSH to a switch. I have read lots of different posts/articles on this and my head is swimming and I need some guidance/clarity. Thanks!

Stephen_Stormon
Contributor
No luck. I attempted to follow those steps in 8.x and think I have it set up, but a login to the switch using my AD account (which is in the AD "XOS Administrators" group) returns "Access Denied". Pictures below.

[Screenshots: Rules, XOS admins, AAA, management login, engine, switches, switch detail]


Ryan_Yacobucci
Extreme Employee
Correct,

The switch can be configured for RADIUS management login. If you use PuTTY or another remote SSH/telnet tool, you will be asked to input credentials. You can send these to NAC, which can be pointed to Active Directory for authentication of those credentials.

Here is an article that should help with NAC configuration:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NAC-to-handle-Management-...

The "Open Device Terminal" feature does not allow you to input credentials though. PuTTY, Tera Term, and other remote tools will allow this, and it can be done with NAC.

Thanks
-Ryan

Stephen_Stormon
Contributor
And there is no way on the switch to point it to an LDAP server to check credentials? Our only option to log in is to either create a local account on the switch or use the account that has been configured via the "Open Device Terminal" and using the one set of credentials associated with that profile? There is no LDAP lookup option that can be configured on the switch to use a network account to log in rather than a local account?

I swear I heard someone say at Extreme Connect that this could be done (use their LDAP credentials to log in to a switch via a regular SSH PuTTY session).

Ryan_Yacobucci
Extreme Employee
Hello,

At this time we can only use the login credentials that were configured under the profile that has been mapped to the switch.

There have been feature requests submitted to be able to submit unique credentials with the "Open Device Terminal" feature to allow tracking of specific users.

Thanks
-Ryan