Contributor II

Does anyone have Comware 5 RADIUS logins working?

We have ClearPass 6.6.1 running, and I am trying to get admin-level login for our switches.

 

My first switch I am attempting to get working is a 3Com-branded 4800G running 5.20 Release 2220P07.

What attributes do I need to return?

Previously we have been using IMC to do RADIUS and I did a packet capture to see what it was sending.

I see:
Service-Type(6): Login(1)
Login-Service(15): Unknown(50)
3Com-User-Access-Level(1): 3Com-Administrator(3)
3Com-Connect_ID(26): 18268xxx (where xxx so far is a changing number for each connection)

I tried returning service type login, login-service ssh(50), 3com-user-access-level 3Com-administrator, and all I see is "access denied" when I enter my user/password.

I do see in the ClearPass monitor that it is accepting my user/password and returning:

Radius:3com:3Com-User-Access-Level    3
Radius:IETF:Login-Service             50
Radius:IETF:Service-Type              1

So my best guess is I need to use a different attribute to log in?  Hopefully, someone has done this and has it working.

My switch is configured like this:

radius scheme Clearpass
server-type standard
primary authentication x.x.x.x
primary accounting x.x.x.x
key authentication xxxxxxx
key accounting xxxxxxxx
user-name-format without-domain

domain radius
authentication login radius-scheme Clearpass local
accounting login radius-scheme Clearpass local
authorization login radius-scheme clearpass local
access-limit disable
state active
idle-cut disable
self-service-url disable 
Contributor II

Re: Does anyone have Comware 5 RADIUS logins working?

To provide further detail: I see my packets from ClearPass coming in as "Access-Reject" where I would see "Access-Accept" from IMC.

Not sure why it is transmitting as a reject.


This is actually not true. I didn't realize I got several access-accept from clearpass prior in the same "conversation"

I am not a smart man. Forgot to add "domain default enable Clearpass" to my config; I had it set to another test. And server-type should be extended.
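For anyone comparing captures the way the poster did, the following is an added example (not part of the original posts) that decodes a RADIUS reply and checks it against the attribute values listed from the IMC capture. The function names are hypothetical, the sample packet is constructed, and the 3Com enterprise number 43 is assumed for the vendor-specific attribute.

```python
import struct

VENDOR_3COM = 43  # IANA enterprise number for 3Com (assumed; not shown in the post)
NAMES = {6: "Service-Type", 15: "Login-Service"}

def tlv(t, value):
    """Encode one RADIUS attribute (or vendor sub-attribute): type, length, value."""
    return bytes([t, len(value) + 2]) + value

def build_accept(level):
    """Constructed sample Access-Accept; authenticator zeroed, not a real capture."""
    vsa = struct.pack("!I", VENDOR_3COM) + tlv(1, struct.pack("!I", level))
    attrs = tlv(6, struct.pack("!I", 1)) + tlv(15, struct.pack("!I", 50)) + tlv(26, vsa)
    return struct.pack("!BBH", 2, 42, 20 + len(attrs)) + bytes(16) + attrs

def walk(buf):
    """Yield (type, value) pairs, rejecting truncated or undersized TLVs."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def parse(packet):
    """Return (code, attrs); 3Com VSAs are keyed as '3Com-<vendor type>'."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = {}
    for t, value in walk(packet[20:length]):
        if t == 26 and len(value) > 4:  # Vendor-Specific: 4-byte vendor id, then sub-TLVs
            vendor = struct.unpack("!I", value[:4])[0]
            if vendor == VENDOR_3COM:
                for vt, vv in walk(value[4:]):
                    attrs["3Com-%d" % vt] = int.from_bytes(vv, "big")
        elif t in NAMES:
            attrs[NAMES[t]] = int.from_bytes(value, "big")
    return code, attrs

def matches_imc_reply(packet):
    """True if an Access-Accept (code 2) carries the values seen in the IMC capture."""
    code, a = parse(packet)
    return code == 2 and a.get("Service-Type") == 1 and a.get("3Com-1") == 3

if __name__ == "__main__":
    print(parse(build_accept(3)), matches_imc_reply(build_accept(3)))
```

A reply that passes this check while the switch still shows "access denied" points at the switch-side configuration rather than the returned attributes, which is where this thread ended up.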

 
