08-02-2012 05:00 AM
I currently access my controller over SSH. The authentication method is RADIUS.
Is there possibility to directly enter the enable mode?
e.g. Cisco supports the RADIUS Attribute Service-Type: Administrative
08-02-2012 05:38 AM
If you are running ArubaOS 6.1 and above, the "enable bypass" directive can skip the enable prompt for root users who are authenticated:
(host) #configure t Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #enable bypass ? <cr>
From the ArubaOS 6.1 user guide:
Bypassing the Enable Password Prompt
The bypass enable feature lets you bypass the enable password prompt and go directly to the privileged commands (config mode) after logging on to the controller. This is useful if you want to avoid changing the enable password due to company policy.
Use the enable bypass CLI command to bypass the enable prompt an go directly to the privileged commands (config mode). Use the no enable bypass CLI command to restore the enable password prompt."
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
08-02-2012 06:30 AM
If you don't want to set it globally as Colin suggested or aren't running 6.1 you can use the Aruba-Priv-Admin-User RADIUS attribute. It is returned in an integer format (any non-negative value should work....I usually just assign it 1).
If your RADIUS does not have the Aruba dictionary files:
Vendor Code = 14823
Attribute Number = 3
Integer = 1 (or whatever you want)
Then on the Server Group set on the management authentication servers page be sure to have this server derived rule deffined.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX