Login with freeradius doesn't give full access

Postby Mathias » 18 Nov 2016, 02:07

It seems that when I return the "default" values (the values we have used for all our Alcatel AOS switches) from freeradius, I don't get full access to the switch.

In freeradius we have set up the user and return the following values:

Xylan-Asa-Access = "all"
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF

When I log in with the user and run whoami, I see this:

switch# whoami
Session number = 1
User name = xxxxxx,
Access type = ssh,
Access port = Ethernet,
IP address = x.x.x.x,
Read-only domains = None,
Read-only families = ,
Read-Write domains = System Services Policy Security MPLS VCM Datacenter ,
Read-Write families = file ssh scp-sftp telnet ntp dshell debug chassis module interface pmm port-mapping health ip rip ospf bgp vrrp ip-routing ipmr ipms vlan bridge stp 802.1Q linkaggregation ip-helper ripng ospfv3 isis tftp vrf bfd-std ha-vlan mcm capman vfc grm spb-isis evb appfp ,

I want to have "Read-Write domains = All", which I have on all my other AOS switches.

We are running 7.3.4.248.R02

Anyone seen this behaviour before?

Postby silvio » 20 Nov 2016, 14:02

Hi,
There are additional attributes for R7/R8 switches. In summary, you have the following (read in the network guide):

9 Alcatel-Lucent-Asa-Access string Specifies that the user has access to the switch. The only valid value is all.
39 Alcatel-Lucent-Acce-Priv-F-R1 hex Configures functional read privileges for the user.
40 Alcatel-Lucent-Acce-Priv-F-R2 hex Configures functional read privileges for the user.
41 Alcatel-Lucent-Acce-Priv-F-W1 hex Configures functional write privileges for the user.
42 Alcatel-Lucent-Acce-Priv-F-W2 hex Configures functional write privileges for the user.
43 Alcatel-Lucent-Acce-Priv-F-R3 hex Configures functional read privileges for the user.
44 Alcatel-Lucent-Acce-Priv-F-R4 hex Configures functional read privileges for the user.
45 Alcatel-Lucent-Acce-Priv-F-W3 hex Configures functional write privileges for the user.
46 Alcatel-Lucent-Acce-Priv-F-W4 hex Configures functional write privileges for the user.

New in R7/R8 are the attributes 43, 44, 45 and 46 (all with 0xffffffff for full access).

If you edit your dictionary in freeradius, you can use Alcatel instead of Xylan.

regards
Silvio

