ssh radius auth without VSA

Post Reply
Posts: 1
Joined: 08 Sep 2017 11:16

ssh radius auth without VSA

Post by tibz » 08 Sep 2017 11:23

I'm trying to have radius auth for administrators working without having to return the VSA.
I've read on this page that we can return these attributes for full admin:
Xylan-Asa-Access = "all",
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF,
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF

This is fine, when I do this, it works.

My problem is that I need to have the auth working WITHOUT having to send these attributes.

Reading this documentation ( ... /os_sw.pdf) there is a user called "default" which I understand can be used for this. The document says on page 247 (9-9): The privilege default is particularly important for users who are authenticated via an ACE/Server, which only supplies username and password information; or for users who are authenticated via a RADIUS or LDAP server on which privileges are not configured.

So i've changed the settings of that "default" users to give him full rw access, but it refuse to work. My radius send a "request-accepted" but the switch does not let me in because the attributes are not present...

Any idea what is wrong? Or is just the documentation wrong? (or misunderstood by me :-))

Thank you

User avatar
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 6720
Joined: 14 Sep 2005 19:45
Location: Brasil, Porto Alegre

Re: ssh radius auth without VSA

Post by cavagnaro » 09 Sep 2017 14:33

Don't double post

Enviado de meu E6633 usando Tapatalk

Ignorance is not the problem, the problem is the one who doesn't want to learn

OTUC/ICS ACFE/ACSE R3.0/4.0/5.0/6.0
Certified Genesys CIV 8.5
Certified Genesys Troubleshooting 8.5
Certified Genesys BEP 8.x
Genesys Developer

Post Reply

Return to “OmniSwitch 6350”