Wireless Access


mgt user read-only privileges

  • 1.  mgt user read-only privileges

    Posted Feb 19, 2017 02:01 PM

    Hi,

     

    Can you tell me which commands the read-only mgt user can use please (CLI)? I'm returning '0' from our RADIUS server which appears to work, but I'm not sure what the user can and can't do.

     

    Thanks

     



  • 2.  RE: mgt user read-only privileges
    Best Answer

    EMPLOYEE
    Posted Feb 19, 2017 03:49 PM


  • 3.  RE: mgt user read-only privileges

    Posted Feb 20, 2017 04:24 AM

    Thanks Colin,

     

    I realised I made a mistake there, I am returning '0' which I think is actually the 'network-operations' role. What do I need to return to use the 'read-only' role?

     

    And is it listed anywhere what the subset of commands the network-operations role can actually use are?

     

    Thanks for your help



  • 4.  RE: mgt user read-only privileges

    EMPLOYEE
    Posted Feb 20, 2017 05:52 AM

    You need to return the RADIUS attribute "Aruba-Admin-Role" with the admin role that you want a user to get:

     

    Aruba-Admin-Role                  4      String       Aruba      14823



  • 5.  RE: mgt user read-only privileges

    Posted Feb 20, 2017 07:35 AM

    So this is where I'm slightly hazy(!):

     

    Isn't Aruba-Admin-Role for web users? What I want is CLI access roles.

     

    We are currently returning numeric values for attribute 'Aruba-Priv-Admin-User'; currently we use '1' for root and '0' for (what appears to equate to) 'network-operations'. Is there a list of what those numeric values should be for each user role that is available? E.g. what should that number be for a 'read-only' user?

     

    Or am I misunderstanding how this works?



  • 6.  RE: mgt user read-only privileges

    EMPLOYEE
    Posted Feb 20, 2017 09:20 AM

    Aruba-Admin-Role is for all users.  It allows you to set the admin role by simply replying with the text name of the role as an attribute.

     

    "Aruba-Priv-Admin-User" is an attribute only so that a user can avoid typing the enable password.  Please see here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Aruba-VSA-Aruba-Priv-Admin-User/m-p/14609

     

     



  • 7.  RE: mgt user read-only privileges

    Posted Feb 20, 2017 01:06 PM

    Ah, so I did misunderstand this. So I can return a role, e.g.

     

    Aruba-Admin-Role :=  'network-operations'

     

    *and* either:

    Aruba-Priv-Admin-User := 0

    or

    Aruba-Priv-Admin-User := 1

     ?
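
What the Aruba-Admin-Role reply discussed in posts 4 to 7 looks like on the wire, as an added example that is not part of the thread or Aruba's code: it encodes the attribute using the vendor ID 14823 and attribute number 4 quoted above, and extracts it again from an attribute list so you can confirm which role name the RADIUS server actually sends. It assumes the standard RFC 2865 Vendor-Specific layout; the function names and the sample attribute bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute type (RFC 2865)
ARUBA_VENDOR_ID = 14823   # vendor ID from the dictionary line in the thread
ARUBA_ADMIN_ROLE = 4      # vendor attribute number from the same line (String)


def encode_admin_role(role: str) -> bytes:
    """Build the Vendor-Specific attribute carrying Aruba-Admin-Role."""
    value = role.encode("ascii")
    vendor_len = 2 + len(value)          # vendor type + vendor length + value
    total_len = 2 + 4 + vendor_len       # type + length + vendor ID + sub-attribute
    if total_len > 255:
        raise ValueError("role name too long for one RADIUS attribute")
    header = struct.pack("!BBIBB", VENDOR_SPECIFIC, total_len,
                         ARUBA_VENDOR_ID, ARUBA_ADMIN_ROLE, vendor_len)
    return header + value


def find_admin_role(attrs: bytes):
    """Return the Aruba-Admin-Role string in an attribute list, or None."""
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[i], attrs[i + 1]
        body = attrs[i + 2:i + alen]
        i += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != ARUBA_VENDOR_ID:
            continue
        sub, j = body[4:], 0             # a VSA may hold several sub-attributes
        while j < len(sub):
            if j + 2 > len(sub) or sub[j + 1] < 2 or j + sub[j + 1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if sub[j] == ARUBA_ADMIN_ROLE:
                return sub[j + 2:j + sub[j + 1]].decode("ascii")
            j += sub[j + 1]
    return None


# Constructed sample: Reply-Message (type 18) "ok" followed by the role VSA.
SAMPLE_ATTRS = b"\x12\x04ok" + encode_admin_role("read-only")

if __name__ == "__main__":
    print(encode_admin_role("read-only").hex())
    print(find_admin_role(SAMPLE_ATTRS))
```

Feed `find_admin_role` the attribute bytes that follow the 20-byte RADIUS header of a captured Access-Accept to check the role string the controller receives.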