Security

Reply
Occasional Contributor II
Posts: 10
Registered: ‎12-06-2011

SSH RADIUS Authentication

I currently access my controller over SSH. The authentication method is RADIUS.

Is there possibility to directly enter the enable mode?

e.g. Cisco supports the RADIUS Attribute Service-Type: Administrative

Guru Elite
Posts: 20,419
Registered: ‎03-29-2007

Re: SSH RADIUS Authentication

If you are running ArubaOS 6.1 and above, the "enable bypass" directive can skip the enable prompt for root users who are authenticated:

 

(host) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(host) (config) #enable bypass ?
<cr>

 From the ArubaOS 6.1 user guide:

 

"

Bypassing the Enable Password Prompt

The bypass enable feature lets you bypass the enable password prompt and go directly to the privileged commands (config mode) after logging on to the controller. This is useful if you want to avoid changing the enable password due to company policy.

Use the enable bypass CLI command to bypass the enable prompt an go directly to the privileged commands (config mode). Use the no enable bypass CLI command to restore the enable password prompt."

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,638
Registered: ‎04-13-2009

Re: SSH RADIUS Authentication

If you don't want to set it globally as Colin suggested or aren't running 6.1 you can use the Aruba-Priv-Admin-User RADIUS attribute.   It is returned in an integer format (any non-negative value should work....I usually just assign it 1).

 

If your RADIUS does not have the Aruba dictionary files:

Vendor Code = 14823

Attribute Number = 3

Integer = 1 (or whatever you want)

 

Then on the Server Group set on the management authentication servers page be sure to have this server derived rule deffined.

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II
Posts: 10
Registered: ‎12-06-2011

Re: SSH RADIUS Authentication

Thank you. This works very well!

Search Airheads
Showing results for 
Search instead for 
Did you mean: