SSH users with RADIUS authentication not getting administrator privileges
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-18-2016 05:27 PM
Thanks Patrick
I have problems with SSH2 authentication on summitX-in version 16.1.3.6 16.1.3.6 1-2.cos-patch-patch 1.2. When authenticates about Radius with a user who has administrator permissions not let modify read-only changes. Version may have problem?
This the more information about firmware last intalled
# sh ver images
Card Partition Installation Date Version Name Branch
------------------------------------------------------------------------------
Switch primary Fri Nov 7 18:35:13 UTC 2014 15.5.3.4 summitX450-15.5.3.4.xos v1553b4
Switch secondary Thu Apr 14 10:13:01 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2.xos 16.1.3.6-patch1-2
Switch secondary Thu Apr 14 10:15:20 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2-ssh.xmod 16.1.3.6-patch1-2
Note: This conversation was created from a reply on: NO MESSAGE DECODE; Missing component "AAA.RADIUS" v38.1.
I have problems with SSH2 authentication on summitX-in version 16.1.3.6 16.1.3.6 1-2.cos-patch-patch 1.2. When authenticates about Radius with a user who has administrator permissions not let modify read-only changes. Version may have problem?
This the more information about firmware last intalled
# sh ver images
Card Partition Installation Date Version Name Branch
------------------------------------------------------------------------------
Switch primary Fri Nov 7 18:35:13 UTC 2014 15.5.3.4 summitX450-15.5.3.4.xos v1553b4
Switch secondary Thu Apr 14 10:13:01 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2.xos 16.1.3.6-patch1-2
Switch secondary Thu Apr 14 10:15:20 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2-ssh.xmod 16.1.3.6-patch1-2
Note: This conversation was created from a reply on: NO MESSAGE DECODE; Missing component "AAA.RADIUS" v38.1.
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-18-2016 06:03 PM
shared configuration Radius over switch x440-24p
configure radius mgmt-access primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "A
configure radius netlogin primary shared-secret encrypted "A
enable radius netlogin
create account admin rbarajas encrypted "$5$uhfPAK$UY6SRctk4CLrJrLqHnM5C"
configure radius mgmt-access primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "A
configure radius netlogin primary shared-secret encrypted "A
enable radius netlogin
create account admin rbarajas encrypted "$5$uhfPAK$UY6SRctk4CLrJrLqHnM5C"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-18-2016 05:51 PM
Was this ever working?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-18-2016 05:47 PM
Radius authentication Radius Server is on a Windows 2012, there may be incompatibility of servers?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-18-2016 05:42 PM
Hi Jairo,
Have you made sure to add the VSA for administrator rights into the RADIUS server?
____________
On the radius server a normal user is needed for User access. If the user needs admin rights on the switch the following needs to be added to the radius user.Service-Type = Administrative-UserLINK: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-RADIUS-authentication-for...
Have you made sure to add the VSA for administrator rights into the RADIUS server?
____________
On the radius server a normal user is needed for User access. If the user needs admin rights on the switch the following needs to be added to the radius user.Service-Type = Administrative-UserLINK: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-RADIUS-authentication-for...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-18-2016 05:41 PM
Hello Jairo,
Was this working in the past and suddenly stopped working? If the user is not getting the correct permissions but is authenticating it is typically a server issue. Have you looked at the server side to make sure they are matching on the correct policies?
Was this working in the past and suddenly stopped working? If the user is not getting the correct permissions but is authenticating it is typically a server issue. Have you looked at the server side to make sure they are matching on the correct policies?
