This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSH users with RADIUS authentication not getting administrator privileges

SSH users with RADIUS authentication not getting administrator privileges

Jairo_Rojas_Her
New Contributor II

‎04-18-2016 05:27 PM

Thanks Patrick

I have problems with SSH2 authentication on summitX-in version 16.1.3.6 16.1.3.6 1-2.cos-patch-patch 1.2. When authenticates about Radius with a user who has administrator permissions not let modify read-only changes. Version may have problem?

This the more information about firmware last intalled
# sh ver images
Card Partition Installation Date Version Name Branch
------------------------------------------------------------------------------
Switch primary Fri Nov 7 18:35:13 UTC 2014 15.5.3.4 summitX450-15.5.3.4.xos v1553b4
Switch secondary Thu Apr 14 10:13:01 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2.xos 16.1.3.6-patch1-2
Switch secondary Thu Apr 14 10:15:20 COT 2016 16.1.3.6 summitX-16.1.3.6-patch1-2-ssh.xmod 16.1.3.6-patch1-2

Note: This conversation was created from a reply on: NO MESSAGE DECODE; Missing component "AAA.RADIUS" v38.1.
0 Kudos
14 REPLIES 14

Jairo_Rojas_Her
New Contributor II

‎04-18-2016 06:03 PM

shared configuration Radius over switch x440-24p

configure radius mgmt-access primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "A configure radius netlogin primary server 10.120.11.60 1812 client-ip 10.128.50.4 vr VR-Default
configure radius netlogin primary shared-secret encrypted "A enable radius mgmt-access
enable radius netlogin
create account admin rbarajas encrypted "$5$uhfPAK$UY6SRctk4CLrJrLqHnM5C"

0 Kudos

Patrick_Voss
Extreme Employee

‎04-18-2016 05:51 PM

Was this ever working?
0 Kudos

Jairo_Rojas_Her
New Contributor II

‎04-18-2016 05:47 PM

Radius authentication Radius Server is on a Windows 2012, there may be incompatibility of servers?
0 Kudos

BradP
Extreme Employee

‎04-18-2016 05:42 PM

Hi Jairo,

Have you made sure to add the VSA for administrator rights into the RADIUS server?

____________

On the radius server a normal user is needed for User access. If the user needs admin rights on the switch the following needs to be added to the radius user.Service-Type = Administrative-UserLINK: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-RADIUS-authentication-for...
0 Kudos

Patrick_Voss
Extreme Employee

‎04-18-2016 05:41 PM

Hello Jairo,

Was this working in the past and suddenly stopped working? If the user is not getting the correct permissions but is authenticating it is typically a server issue. Have you looked at the server side to make sure they are matching on the correct policies?

0 Kudos
GTM-P2G8KFN