Hello,
Thanks for your reply, it's awesome.
Initially I tried:
Service-Type = NAS-prompt-user
HP-Command-Exception = 0
HP-Command-String = "show;ping;traceroute"
Everything was working except "show run". Finally I found that "show run" is not in the list of commands in "operator" level access.
Then I tried the following and it's working:
Service-Type = Administrative-User
HP-Command-Exception = 0
HP-Command-String = "show;ping;traceroute"
Need advice: Is it possible to enable "show run" in "operator" level access?
Will wait for your answer.
Regards
Original Message:
Sent: Jun 30, 2022 05:50 AM
From: Stanislav Naydenov
Subject: How to authorize "sh run " in operator level access
Hi,
You should specify which switches are in use.
For ProCurve there is a similar guide for command authorization with/on FreeRADIUS: https://techhub.hpe.com/eginfolib/networking/docs/switches/RA/15-18/5998-8151_ra_2620_asg/content/ch06s09.html#s_Configuring_commands_authorization_on_a_RADIUS_server
For CX devices, command authorization on a remote server is supported with TACACS+ only. RADIUS authentication can be used with local authorization (you have to create a user-group and define the permitted/denied commands in a list, where * can be used as well). I haven't tried this, but the RADIUS server needs to return the proper user-group as well (three built-in groups on the switch: administrators/auditors/operators (no changes are available for these groups), plus locally defined ones (which you need to create)).
For reference you can search for the Security Guide of your device (https://www.arubanetworks.com/techdocs/AOS-CX/help_portal/Content/home.htm) and take a look at command authorization and user-groups.
Original Message:
Sent: Jun 29, 2022 02:18 PM
From: Debabrata Majhi
Subject: How to authorize "sh run " in operator level access
Hi All
We are using RADIUS authentication for accessing an Aruba switch. We have a requirement to give the read-only access user access to run the command "show running config".
We are using FreeRADIUS for giving access to the user through the following. Request your help to authorize the "show runn" command for the RO user.
Service-Type = NAS-prompt-user
Any help is much appreciated.
Regards