
Login with freeradius doesn't give full access

Posted: 18 Nov 2016 02:07
by Mathias
It seems that when I return the "default" values (the values we have used for all our Alcatel AOS switches) from freeradius, I don't get full access to the switch.

In freeradius we have set up the user and return the following values:

Xylan-Asa-Access = "all"
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF

When I log in with the user and run whoami, I see this.

switch# whoami
Session number = 1
User name = xxxxxx,
Access type = ssh,
Access port = Ethernet,
IP address = x.x.x.x,
Read-only domains = None,
Read-only families = ,
Read-Write domains = System Services Policy Security MPLS VCM Datacenter ,
Read-Write families = file ssh scp-sftp telnet ntp dshell debug chassis module interface pmm port-mapping health ip rip ospf bgp vrrp ip-routing ipmr ipms vlan bridge stp 802.1Q linkaggregation ip-helper ripng ospfv3 isis tftp vrf bfd-std ha-vlan mcm capman vfc grm spb-isis evb appfp ,

I want to have "Read-Write domains = All" that I have on all my other AOS switches.

We are running 7.3.4.248.R02

Anyone seen this behaviour before?

Re: Login with freeradius doesn't give full access

Posted: 20 Nov 2016 14:02
by silvio
Hi,
there are additional attributes for R7/R8 switches. In summary, you have the following (as read in the network guide):

9 Alcatel-Lucent-Asa-Access string Specifies that the user has access to the switch. The only valid value is all.
39 Alcatel-Lucent-Acce-Priv-F-R1 hex Configures functional read privileges for the user.
40 Alcatel-Lucent-Acce-Priv-F-R2 hex Configures functional read privileges for the user.
41 Alcatel-Lucent-Acce-Priv-F-W1 hex Configures functional write privileges for the user.
42 Alcatel-Lucent-Acce-Priv-F-W2 hex Configures functional write privileges for the user.
43 Alcatel-Lucent-Acce-Priv-F-R3 hex Configures functional read privileges for the user.
44 Alcatel-Lucent-Acce-Priv-F-R4 hex Configures functional read privileges for the user.
45 Alcatel-Lucent-Acce-Priv-F-W3 hex Configures functional write privileges for the user.
46 Alcatel-Lucent-Acce-Priv-F-W4 hex Configures functional write privileges for the user.

New in R7/R8 are the attributes 43, 44, 45 and 46 (all with 0xffffffff for full access).

If you edit your dictionary in freeradius you can use Alcatel instead of Xylan.

regards
Silvio
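
The following is an added example, not part of either post: a small Python check that parses a freeradius reply list and reports which of the privilege words listed in the reply above are absent or not set to 0xFFFFFFFF. The function names, the sample `FULL_REPLY` text and the acceptance of a bare `Alcatel-` prefix are assumptions made for illustration; `POSTED` is the reply list from the first post.

```python
import re

# Attribute numbers and name suffixes as listed in the reply above
# (43-46 are the ones described there as new in R7/R8).
PRIV_WORDS = {
    39: "Acce-Priv-F-R1", 40: "Acce-Priv-F-R2",
    41: "Acce-Priv-F-W1", 42: "Acce-Priv-F-W2",
    43: "Acce-Priv-F-R3", 44: "Acce-Priv-F-R4",
    45: "Acce-Priv-F-W3", 46: "Acce-Priv-F-W4",
}
FULL = 0xFFFFFFFF

# One reply item per line: Name = value, Name := "value", optional trailing comma.
ITEM = re.compile(r'^\s*([A-Za-z0-9-]+)\s*[:+]?=\s*"?([^",]+?)"?\s*,?\s*$')

def parse_reply(text):
    """Return {suffix: value}, dropping the vendor prefix so that
    Xylan-* and Alcatel-Lucent-* (or Alcatel-*, assumed) compare equal."""
    items = {}
    for line in text.splitlines():
        m = ITEM.match(line)
        if m:
            name, value = m.groups()
            items[re.sub(r'^(Xylan|Alcatel-Lucent|Alcatel)-', '', name)] = value
    return items

def audit(text):
    """Report missing privilege words and words that grant less than all bits."""
    items = parse_reply(text)
    report = {"asa_access_ok": items.get("Asa-Access") == "all",
              "missing": [], "partial": []}
    for num, suffix in sorted(PRIV_WORDS.items()):
        if suffix not in items:
            report["missing"].append(num)
        elif int(items[suffix], 16) != FULL:
            report["partial"].append(num)
    return report

# Reply list exactly as given in the first post.
POSTED = '''Xylan-Asa-Access = "all"
Xylan-Acce-Priv-F-W1 = 0xFFFFFFFF
Xylan-Acce-Priv-F-W2 = 0xFFFFFFFF'''

# Constructed sample: every word from the list above set to 0xffffffff.
FULL_REPLY = 'Alcatel-Lucent-Asa-Access = "all",\n' + ",\n".join(
    f"Alcatel-Lucent-{s} = 0xffffffff" for s in PRIV_WORDS.values())

if __name__ == "__main__":
    print("posted:", audit(POSTED))
    print("full:  ", audit(FULL_REPLY))
```

The `partial` list is also useful in the other direction: it shows at a glance which words of an account are deliberately restricted rather than fully open.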