HPE 5945 Radius login problems

  • 1.  HPE 5945 Radius login problems

    Posted Sep 26, 2023 06:00 AM

    Hi people,

    I'm working on some HPE 5945 with Comware 7.1.070 where I should log in via RADIUS, where the server is a FortiAuthenticator.

    Here is part of my configuration:

    #
    line class aux
     authentication-mode scheme
     user-role network-admin
    #
    line class vty 
     user-role network-operator
    #
    line aux 0 1
     user-role network-admin
    #
    line vty 0 63
     authentication-mode scheme
     user-role network-admin
     user-role network-op
     user-role network-operator
     protocol inbound ssh
     idle-timeout 30 5
    #
     ssh server enable
     ssh user admin service-type stelnet authentication-type password
    #
     password-control enable 
     undo password-control aging enable 
     undo password-control length enable 
     undo password-control composition enable 
     undo password-control history enable 
     password-control login-attempt 3 exceed unlock 
     password-control update-interval 0
     password-control login idle-time 0
    #
    radius enable
    #
    radius scheme fortiauth
     primary authentication <IP_FORTIAUTH>
     primary accounting <IP_FORTIAUTH>
     key authentication cipher <sharedkey>
     key accounting cipher <sharedkey>
     user-name-format without-domain
    #
    domain fortiauth
     authentication login radius-scheme fortiauth local
     authorization login radius-scheme fortiauth local
     accounting login radius-scheme fortiauth local
    #
    domain system
    #              
     domain default enable fortiauth
    #
     role default-role enable
    #
    role name level-0
     description Predefined level-0 role
    #
    role name level-1
     description Predefined level-1 role
    #
    role name level-2
     description Predefined level-2 role
    #
    role name level-3
     description Predefined level-3 role
    #
    role name level-4
     description Predefined level-4 role
    #
    role name level-5
     description Predefined level-5 role
    #
    role name level-6
     description Predefined level-6 role
    #
    role name level-7
     description Predefined level-7 role
    #
    role name level-8
     description Predefined level-8 role
    #
    role name level-9
     description Predefined level-9 role
    #
    role name level-10
     description Predefined level-10 role
    #
    role name level-11
     description Predefined level-11 role
    #
    role name level-12
     description Predefined level-12 role
    #
    role name level-13
     description Predefined level-13 role
    #              
    role name level-14
     description Predefined level-14 role
    #
    user-group system
    #
    local-user admin class manage
     service-type telnet ssh terminal
     authorization-attribute user-role network-admin
     authorization-attribute user-role network-operator
    #
    local-user <localuser2> class manage
     service-type telnet ssh terminal
     authorization-attribute user-role network-admin
     authorization-attribute user-role network-operator
    #
    return

    When I log in I receive this output:

    Taking a look into FortiAuthenticator I see that the login is successful:

    Is there an error in my configuration?

    Should I pass particular attributes from the RADIUS server?

    Regards,

    Stefano
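
An added example, not part of the original post and not HPE's code: a small Python parser that resolves which ISP domain and which ordered AAA methods a Comware configuration applies to login users, whether every referenced scheme is actually defined, and whether `role default-role enable` is set. The function names `parse_blocks` and `login_path` are hypothetical, and the sample is constructed from the AAA-related lines of the configuration above.

```python
import re

# Constructed sample: AAA-related lines of the posted configuration (placeholders kept).
SAMPLE = """\
radius scheme fortiauth
 primary authentication <IP_FORTIAUTH>
#
domain fortiauth
 authentication login radius-scheme fortiauth local
 authorization login radius-scheme fortiauth local
#
 domain default enable fortiauth
#
 role default-role enable
"""

def parse_blocks(text):
    """Map each top-level command to the list of its indented sub-commands."""
    blocks, header, is_global = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            header = None                      # '#' ends the current block
        elif header is None or is_global or not raw.startswith(" "):
            header, is_global = line, raw.startswith(" ")  # indented header = global command
            blocks[header] = []
        else:
            blocks[header].append(line)
    return blocks

def login_path(text):
    """Resolve the ISP domain (Comware default: system) and method order for login users."""
    blocks = parse_blocks(text)
    domain = next((h.split()[-1] for h in blocks if h.startswith("domain default enable ")), "system")
    out = {"domain": domain, "methods": {}, "missing_schemes": [],
           "default_role": any(h.startswith("role default-role enable") for h in blocks)}
    for cmd in blocks.get("domain " + domain, []):
        m = re.match(r"(authentication|authorization|accounting) login (.+)", cmd)
        words, methods = (m.group(2).split() if m else []), []
        while words:
            word = words.pop(0)
            if word.endswith("-scheme") and words:   # e.g. "radius-scheme fortiauth"
                word = word[:-7] + " scheme " + words.pop(0)
                if word not in blocks:               # scheme referenced but never defined
                    out["missing_schemes"].append(word)
            methods.append(word)
        if m:
            out["methods"][m.group(1)] = methods
    return out
```

Calling `login_path` on a full `display current-configuration` dump gives a quick view of which scheme answers login requests, in what order the fallbacks apply, and whether a default role is in effect.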