Authentication for SSH users by an LDAPS

  • 1.  Authentication for SSH users by an LDAPS

    Posted Apr 08, 2022 04:24 PM
    LDAP for ssh authentication works fine.
    ip 10.10.10.10 port 389

    Does the HP FlexFabric 5700, 5800 support LDAPS? The LDAPS always displays "access denied"
    ip 10.10.10.10 port 636

    I followed the instructions to set up LDAP:

    HPE FlexFabric 5710 Switch Series Security Configuration Guide
    https://techhub.hpe.com/eginfolib/networking/docs/switches/5710/5200-5002_security_cg/content/index.htm

    Regards
    medera

    ------------------------------
    ana medera
    ------------------------------


  • 2.  RE: Authentication for SSH users by an LDAPS

    Posted 24 days ago
    Configure the switch to meet the following requirements:
    • Use the LDAP server to authenticate SSH users.
    • Assign the level-0 user role to SSH users after they pass authentication.


    ------------------------------
    James Gross
    ------------------------------



  • 3.  RE: Authentication for SSH users by an LDAPS

    EMPLOYEE
    Posted 24 days ago
    In the documentation for the 5700 and 58xx series (BTW, 58xx are running Comware 5, old and unsupported) there is no mention of LDAPS or LDAP over TLS. The command 'protocol-version' has only two arguments: 'v2' and 'v3', so I am afraid that when you point it at port 636, the switch tries to use clear-text LDAP on that port, not TLS; that is the most probable cause of the failure.

    ------------------------------
    Ivan Bondar
    ------------------------------
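
One way to check the hypothesis in the last reply from a packet capture, as an added example that is not part of the original thread: classify the first payload bytes the client sends to port 636 as either a TLS ClientHello or a cleartext LDAP BindRequest. The function names and both sample byte strings are constructed for illustration.

```python
# Added example: classify the first bytes a client sends to TCP/636.
# All sample data below is constructed, not captured from a real switch.

def _ber_len(buf, i):
    """Decode the BER length field at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                      # short form: the byte is the length
        return first, i + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4:
        raise ValueError("unsupported BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_first_bytes(data):
    """Return (kind, detail) for the first payload bytes of a connection."""
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return ("tls-clienthello", "")
    try:
        if data[0] != 0x30:               # LDAPMessage is a BER SEQUENCE
            return ("unknown", "")
        _, i = _ber_len(data, 1)
        if data[i] != 0x02:               # messageID INTEGER
            return ("unknown", "")
        n, i = _ber_len(data, i + 1)
        i += n
        if data[i] != 0x60:               # [APPLICATION 0] BindRequest
            return ("unknown", "")
        _, i = _ber_len(data, i + 1)
        n, i = _ber_len(data, i + 1)      # version INTEGER (2 or 3)
        version = int.from_bytes(data[i:i + n], "big")
        i += n
        n, i = _ber_len(data, i + 1)      # name OCTET STRING (bind DN)
        i += n
        auth = "simple" if data[i] == 0x80 else "sasl/other"
        return ("cleartext-ldap-bind", f"v{version} {auth}")
    except (IndexError, ValueError):      # truncated or malformed input
        return ("unknown", "")

def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only

# Constructed samples: an LDAPv3 simple bind and the start of a TLS ClientHello.
SAMPLE_LDAP = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, _tlv(0x02, b"\x03")
              + _tlv(0x04, b"cn=sw,dc=example,dc=com") + _tlv(0x80, b"secret")))
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303")

if __name__ == "__main__":
    for label, blob in (("ldap", SAMPLE_LDAP), ("tls", SAMPLE_TLS)):
        print(label, classify_first_bytes(blob))
```

A `cleartext-ldap-bind` result with `simple` on port 636 would also mean the bind DN and password crossed the network unencrypted.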