03-10-2015 02:59 AM
We got some new HP/3Com blade switches and I am trying to get RADIUS authentication via SSH working with CPPM.
During some research I found the attributes which must be sent from the RADIUS server to the switch.
One of them is the standard RADIUS Login-Service (15) attribute with the value of 50 (SSH).
In the dictionary this attribute with a value of 50 does not exist.
I know that it is not a standard IETF attribute, but on lots of RADIUS servers you can add it manually:
Is it possible on CPPM too?
Thanks for help.
03-10-2015 04:01 AM
12-04-2015 07:21 AM
Administration -> Dictionaries -> RADIUS
Find "IETF" in the list for Vendor Name. Click on "IETF".
Click on "Export" and save the XML file.
Open the XML file and search for "Login-Service"
Add this line under existing enumOrdinal(s):
<ValidValue enumOrdinal="50" value="SSH"/>
Save the updated XML file.
Now import the updated RADIUS dictionary file for IETF.
Administration -> Dictionaries -> RADIUS, click on Import in upper right corner.
Find the updated XML file, and click on Import.
Now you are able to add Radius:IETF Login-Service = SSH (50) for the Enforcement profile.
If you choose to use Telnet (0) for Login-Service, then both Telnet and SSH access are accepted (if the switch has both Telnet and SSH service enabled).
If you, however, use SSH (50) for Login-Service only, then Telnet access is rejected.
Finally, add Radius:Huawei Huawei-Exec-Privilege = 3 to the Enforcement profile if you want the administrator access level (highest) when login is accepted.
Management login for Radius on the HP Comware switch is enabled by:
authentication login radius-scheme <name of radius scheme>
authorization login radius-scheme <name of radius scheme>
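
The dictionary edit described in the answer above can be scripted so that it is repeatable and refuses to overwrite an existing mapping. This is an added example, not part of the original post or of ClearPass; the XML layout around the `<ValidValue>` line, the sample export and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported dictionary; the element layout around
# <ValidValue> is an assumption, only the ValidValue line is from the post.
SAMPLE_EXPORT = """<Dictionaries>
  <Vendor name="IETF">
    <Attribute name="Login-Service" id="15">
      <ValidValue enumOrdinal="0" value="Telnet"/>
      <ValidValue enumOrdinal="1" value="Rlogin"/>
    </Attribute>
    <Attribute name="Service-Type" id="6">
      <ValidValue enumOrdinal="1" value="Login-User"/>
    </Attribute>
  </Vendor>
</Dictionaries>"""


def local(tag):
    """Strip an XML namespace so the match works with or without one."""
    return tag.rsplit("}", 1)[-1]


def add_login_service_value(xml_text, ordinal="50", value="SSH"):
    """Return (xml, changed) with the enum value added under Login-Service."""
    root = ET.fromstring(xml_text)
    targets = [e for e in root.iter() if e.get("name") == "Login-Service"]
    if len(targets) != 1:
        raise ValueError("expected one Login-Service, found %d" % len(targets))
    attr = targets[0]
    siblings = [c for c in attr if local(c.tag) == "ValidValue"]
    existing = {c.get("enumOrdinal"): c.get("value") for c in siblings}
    if ordinal in existing:
        if existing[ordinal] != value:
            raise ValueError("ordinal %s already maps to %r" % (ordinal, existing[ordinal]))
        return xml_text, False  # already present, nothing to import
    # Reuse a sibling's tag so any namespace on the export is preserved.
    new = ET.SubElement(attr, siblings[0].tag if siblings else "ValidValue",
                        {"enumOrdinal": ordinal, "value": value})
    if siblings:  # keep the file's indentation for the appended line
        new.tail, siblings[-1].tail = siblings[-1].tail, (attr.text or "\n")
    return ET.tostring(root, encoding="unicode"), True


if __name__ == "__main__":
    patched, changed = add_login_service_value(SAMPLE_EXPORT)
    print(patched if changed else "Login-Service already has SSH (50)")
```

Keep the original export as a backup before importing the patched file.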