It seems that when I return the "default" values (the values we have used for all our Alcatel AOS switches) from freeradius I don't get full access to the switch.
In freeradius we have set up the user and return the following values:
Xylan-Asa-Access = "all"
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF
When I log in with the user and run whoami I see this:
switch# whoami
Session number = 1
User name = xxxxxx,
Access type = ssh,
Access port = Ethernet,
IP address = x.x.x.x,
Read-only domains = None,
Read-only families = ,
Read-Write domains = System Services Policy Security MPLS VCM Datacenter ,
Read-Write families = file ssh scp-sftp telnet ntp dshell debug chassis module interface pmm port-mapping health ip rip ospf bgp vrrp ip-routing ipmr ipms vlan bridge stp 802.1Q linkaggregation ip-helper ripng ospfv3 isis tftp vrf bfd-std ha-vlan mcm capman vfc grm spb-isis evb appfp ,
I want to have "Read-Write domains = All" that I have on all my other AOS switches.
We are running 7.3.4.248.R02
Anyone seen this behaviour before?
Login with freeradius doesn't give full access
Re: Login with freeradius doesn't give full access
Hi,
There are additional attributes for R7/R8 switches. In summary you have the following (read in the network guide):
9 Alcatel-Lucent-Asa-Access string Specifies that the user has access to the switch. The only valid value is all.
39 Alcatel-Lucent-Acce-Priv-F-R1 hex Configures functional read privileges for the user.
40 Alcatel-Lucent-Acce-Priv-F-R2 hex Configures functional read privileges for the user.
41 Alcatel-Lucent-Acce-Priv-F-W1 hex Configures functional write privileges for the user.
42 Alcatel-Lucent-Acce-Priv-F-W2 hex Configures functional write privileges for the user.
43 Alcatel-Lucent-Acce-Priv-F-R3 hex Configures functional read privileges for the user.
44 Alcatel-Lucent-Acce-Priv-F-R4 hex Configures functional read privileges for the user.
45 Alcatel-Lucent-Acce-Priv-F-W3 hex Configures functional write privileges for the user.
46 Alcatel-Lucent-Acce-Priv-F-W4 hex Configures functional write privileges for the user.
New in R7/R8 are the attributes 43, 44, 45 and 46 (all with 0xffffffff for full access).
If you edit your dictionary in freeradius you can use Alcatel instead of Xylan.
regards
Silvio
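A way to check a RADIUS reply against the attribute list in the reply above, added here as an example and not taken from either poster or from Alcatel-Lucent: it decodes the Vendor-Specific attributes (type 26, RFC 2865) of an Access-Accept and reports which of the eight privilege words are absent or not 0xFFFFFFFF. Assumptions: vendor ID 800 for the Xylan/Alcatel dictionary, privilege words sent as 4-byte big-endian integers, and constructed sample replies.

```python
import struct

XYLAN_VENDOR_ID = 800  # assumption: enterprise number of the Xylan/Alcatel dictionary
# Attribute numbers and names as listed in the reply above.
PRIV_WORDS = {39: "F-R1", 40: "F-R2", 41: "F-W1", 42: "F-W2",
              43: "F-R3", 44: "F-R4", 45: "F-W3", 46: "F-W4"}
ASA_ACCESS = 9

def encode_vsa(vendor_type, value):
    """Encode one value as a RADIUS Vendor-Specific attribute (type 26)."""
    data = value.encode() if isinstance(value, str) else struct.pack("!I", value)
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([26, len(sub) + 6]) + struct.pack("!I", XYLAN_VENDOR_ID) + sub

def decode_vsas(attrs):
    """Walk an attribute block; return {vendor_type: raw_value} for vendor 800."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        body = attrs[i + 2:i + alen]
        if (atype == 26 and len(body) >= 6
                and struct.unpack("!I", body[:4])[0] == XYLAN_VENDOR_ID):
            j = 4
            while j + 2 <= len(body):
                vtype, vlen = body[j], body[j + 1]
                if vlen < 2 or j + vlen > len(body):
                    raise ValueError("malformed sub-attribute")
                found[vtype] = body[j + 2:j + vlen]
                j += vlen
        i += alen
    return found

def audit_reply(attrs):
    """Return (missing words, words not 0xFFFFFFFF, Asa-Access == 'all')."""
    found = decode_vsas(attrs)
    missing = [n for t, n in PRIV_WORDS.items() if t not in found]
    partial = [n for t, n in PRIV_WORDS.items()
               if t in found and found[t] != b"\xff" * 4]
    return missing, partial, found.get(ASA_ACCESS) == b"all"

# Constructed sample: the reply from the first post (Asa-Access, F-W1, F-W2 only).
ORIGINAL_REPLY = (encode_vsa(9, "all") + encode_vsa(41, 0xFFFFFFFF)
                  + encode_vsa(42, 0xFFFFFFFF))
# Constructed sample: the same reply with all eight words set to 0xFFFFFFFF.
FULL_REPLY = encode_vsa(9, "all") + b"".join(
    encode_vsa(t, 0xFFFFFFFF) for t in PRIV_WORDS)

if __name__ == "__main__":
    print(audit_reply(ORIGINAL_REPLY))
    print(audit_reply(FULL_REPLY))
```

The same audit is useful in the other direction: a reply that carries 0xFFFFFFFF in every word grants full read-write access, so it should only be attached to accounts meant to have it.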