Wireless Access

Reply
Frequent Contributor II
Posts: 107
Registered: ‎07-06-2015

mgt user read-only privileges

[ Edited ]

Hi,

 

Can you tell me which commands the read-only mgt user can use please (CLI)? I'm returning '0' from our Radius server which appears to work, but I'm not sure what the user can and can't do.

 

Thanks

 

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: mgt user read-only privileges

"read-only: Permits access to CLI show commands or WebUI monitoring pages only"

 

http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/mgmt-user.htm?Highlight=read-only



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 107
Registered: ‎07-06-2015

Re: mgt user read-only privileges

Thanks Colin,

 

I realised I made a mistake there, I am returning '0' which I think is actually the 'network-operations' role. What do I need to return to use the 'read-only' role?

 

And is it listed anywhere what the subset of commands the network-operations role can actually use are?

 

Thanks for your help

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: mgt user read-only privileges

You need to return the radius attribute "Aruba-Admin-Role" with the admin role that you want a user to get:

 

Aruba-Admin-Role                  4      String       Aruba      14823



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 107
Registered: ‎07-06-2015

Re: mgt user read-only privileges

So this is where I'm slightly hazy(!):

 

Isn't Aruba-Admin-Role for web users? What I want is CLI access roles.

 

We are currently returning numeric values for attribute 'Aruba-Priv-Admin-User', currently we use '1' for root and '0' for (what appears to equate to) 'network-operations'. Is there a list of what those numeric values should be for each user role that is available? Eg what should that number be for a 'read-only' user?

 

Or am I misunderstanding how this works?

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: mgt user read-only privileges

Aruba-Admin-Role is for all users.  It allows you to set the admin role by simply replying with the text name of the role as an attribute.

 

"Aruba-Priv-Admin-User" is an attribute only so that a user can avoid typing the enable password.  Please see here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Aruba-VSA-Aruba-Priv-Admin-User/m-p/14609

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 107
Registered: ‎07-06-2015

Re: mgt user read-only privileges

Ah so I did misunderstand this. So I can return a role eg

 

Aruba-Admin-Role :=  'network-operations'

 

*and* either:

Aruba-Priv-Admin-User := 0

or

Aruba-Priv-Admin-User := 1

 ?

Search Airheads
Showing results for 
Search instead for 
Did you mean: