Login with freeradius doesn't give full access

Mathias
Member
Posts: 2
Joined: 14 Jan 2009 07:08

Post by Mathias » 18 Nov 2016 02:07

It seems that when I return the "default" values (the values we have used for all our Alcatel AOS switches) from freeradius, I don't get full access to the switch.

In freeradius we have set up the user and return the following values:

Xylan-Asa-Access = "all"
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF

When I log in with the user and run whoami, I see this:

switch# whoami
Session number = 1
User name = xxxxxx,
Access type = ssh,
Access port = Ethernet,
IP address = x.x.x.x,
Read-only domains = None,
Read-only families = ,
Read-Write domains = System Services Policy Security MPLS VCM Datacenter ,
Read-Write families = file ssh scp-sftp telnet ntp dshell debug chassis module interface pmm port-mapping health ip rip ospf bgp vrrp ip-routing ipmr ipms vlan bridge stp 802.1Q linkaggregation ip-helper ripng ospfv3 isis tftp vrf bfd-std ha-vlan mcm capman vfc grm spb-isis evb appfp ,

I want to have "Read-Write domains = All" that I have on all my other AOS switches.

We are running 7.3.4.248.R02

Anyone seen this behaviour before?

silvio
Alcatel Unleashed Certified Guru
Posts: 919
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Login with freeradius doesn't give full access

Post by silvio » 20 Nov 2016 14:02

Hi,
There are additional attributes for R7/R8 switches. In summary, you have the following (from the network guide):

9 Alcatel-Lucent-Asa-Access string Specifies that the user has access to the switch. The only valid value is all.
39 Alcatel-Lucent-Acce-Priv-F-R1 hex Configures functional read privileges for the user.
40 Alcatel-Lucent-Acce-Priv-F-R2 hex Configures functional read privileges for the user.
41 Alcatel-Lucent-Acce-Priv-F-W1 hex Configures functional write privileges for the user.
42 Alcatel-Lucent-Acce-Priv-F-W2 hex Configures functional write privileges for the user.
43 Alcatel-Lucent-Acce-Priv-F-R3 hex Configures functional read privileges for the user.
44 Alcatel-Lucent-Acce-Priv-F-R4 hex Configures functional read privileges for the user.
45 Alcatel-Lucent-Acce-Priv-F-W3 hex Configures functional write privileges for the user.
46 Alcatel-Lucent-Acce-Priv-F-W4 hex Configures functional write privileges for the user.

New in R7/R8 are attributes 43, 44, 45 and 46 (all with 0xffffffff for full access).

If you edit your dictionary in freeradius you can use Alcatel instead of Xylan.

regards
Silvio
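
An added example, not part of the thread and not vendor or FreeRADIUS code: a small audit script that reads a reply-attribute list and reports which of the privilege words 39 to 46 from the table above it carries, so an over-broad or incomplete authorization profile is visible before it reaches a switch. The `name = value` layout and the acceptance of `Xylan-`, `Alcatel-` and `Alcatel-Lucent-` prefixes are assumptions; the sample input is constructed from the values quoted in the first post.

```python
import re

# Attribute numbers and names as listed in the reply above (vendor prefix dropped).
PRIV_WORDS = {39: "Acce-Priv-F-R1", 40: "Acce-Priv-F-R2", 41: "Acce-Priv-F-W1",
              42: "Acce-Priv-F-W2", 43: "Acce-Priv-F-R3", 44: "Acce-Priv-F-R4",
              45: "Acce-Priv-F-W3", 46: "Acce-Priv-F-W4"}
FULL = 0xFFFFFFFF

# Assumed layout: <prefix>-<name> = <value>, optional quotes and trailing comma.
LINE = re.compile(r'^\s*(?:Xylan|Alcatel-Lucent|Alcatel)-([A-Za-z0-9-]+)'
                  r'\s*[:+]?=\s*"?([^",\s]+)"?\s*,?\s*$')

# Constructed sample: the three reply values quoted in the first post.
ORIGINAL_REPLY = '''Xylan-Asa-Access = "all"
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF
'''

def parse_reply(text):
    """Return {attribute name without vendor prefix: value string}."""
    attrs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def audit(text):
    """Classify each privilege word as missing, partial or full (all bits set)."""
    attrs = parse_reply(text)
    report = {"asa_access": attrs.get("Asa-Access"),
              "missing": [], "partial": [], "full": []}
    for num in sorted(PRIV_WORDS):
        name = PRIV_WORDS[num]
        if name not in attrs:
            report["missing"].append(name)
        elif int(attrs[name], 16) == FULL:
            report["full"].append(name)
        else:
            report["partial"].append(name)
    return report

if __name__ == "__main__":
    for key, value in audit(ORIGINAL_REPLY).items():
        print(f"{key}: {value}")
```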
