Hi,I am able to access Web GUI using manager and operator users but I am not able to do that using other local users on priviledge Level-15. SSH is accessible. aaa authentication local-user "webwebweb" group "Level-15"Is it possible to create a group which has https access? Is https access for local users supported?
Are you using full-on RBAC?
If I assume not you actually need something like...
password manager user-name <username> plaintext <password>
to add a user capable of logging into the CLI or WebUI
As I have mentioned before, manager and operator users are able to use Web GUI. Local users created this way (see below) - are not.
aaa authentication local-user "webwebweb" group "Level-15"
Radius authenticated users can access Web GUI also, but failback to local user authentication is not working (except for manager and operator users).
aaa authentication web login radius server-group "RADIUS" local
aaa authentication web enable radius server-group "RADIUS" local
aaa authentication web login local
aaa authentication web enable local
What's the configuration for the group "Level-15"?
This is an example of a user created with full permissions?
#aaa authorization group "test-group" 10 match-command "*" permit
#aaa authentication local-user test-user group test-group password plaintext
On 2930F platform "Level-15" is predefined group will full permitions - you do not have to create one.
Minondas, are you able to connect via https using local user from created group? "test-group" in your case.
I've tested with http web-management and it worked just fine.
1. the problem with those commands is the password in sha1 which can easily decrypted although encrypt-credentials=enable
It is stated in the 'Aruba 2930F / 2930M Access Security Guide for ArubaOS-Switch 16.10' that RBAC is not supported for WebUI access.
Limitations section under Chapter 19
The information on the manual pointed by saishyam explains this behaviour.
Even given full access to the user it is still being allowed just operator access through WebUI.
Older versions of the same document (16.02 for example) does not have that information.
I wonder how you are getting that operator access because I am not getting any
Ok, let's give sayshyam Kudos, hope that Aruba is going to fix this some day and I am now switching my customer's local-user account to device manager
Thanks for help!
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.