Wireless Access

Reply
Frequent Contributor II

mgt user read-only privileges

Hi,

 

Can you tell me which commands the read-only mgt user can use please (CLI)? I'm returning '0' from our Radius server which appears to work, but I'm not sure what the user can and can't do.

 

Thanks

 

Guru Elite

Re: mgt user read-only privileges

"read-only: Permits access to CLI show commands or WebUI monitoring pages only"

 

http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/mgmt-user.htm?Highlight=read-only


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor II

Re: mgt user read-only privileges

Thanks Colin,

 

I realised I made a mistake there, I am returning '0' which I think is actually the 'network-operations' role. What do I need to return to use the 'read-only' role?

 

And is it listed anywhere what the subset of commands the network-operations role can actually use are?

 

Thanks for your help

Guru Elite

Re: mgt user read-only privileges

You need to return the radius attribute "Aruba-Admin-Role" with the admin role that you want a user to get:

 

Aruba-Admin-Role                  4      String       Aruba      14823


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor II

Re: mgt user read-only privileges

So this is where I'm slightly hazy(!):

 

Isn't Aruba-Admin-Role for web users? What I want is CLI access roles.

 

We are currently returning numeric values for attribute 'Aruba-Priv-Admin-User', currently we use '1' for root and '0' for (what appears to equate to) 'network-operations'. Is there a list of what those numeric values should be for each user role that is available? Eg what should that number be for a 'read-only' user?

 

Or am I misunderstanding how this works?

Guru Elite

Re: mgt user read-only privileges

Aruba-Admin-Role is for all users.  It allows you to set the admin role by simply replying with the text name of the role as an attribute.

 

"Aruba-Priv-Admin-User" is an attribute only so that a user can avoid typing the enable password.  Please see here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Aruba-VSA-Aruba-Priv-Admin-User/m-p/14609

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor II

Re: mgt user read-only privileges

Ah so I did misunderstand this. So I can return a role eg

 

Aruba-Admin-Role :=  'network-operations'

 

*and* either:

Aruba-Priv-Admin-User := 0

or

Aruba-Priv-Admin-User := 1

 ?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: