
TekRADIUS :: Forum



Home » General » Issue with H3C switches authorization attribute


25.02.2010 21:21:52

sramdane
Posts: 2
Hello,

I have tried TekRadius with 3Com and H3C to telnet to the switches with an account on the Radius server (SQL dbase).

It worked very well with 3Com; that is, I can log into the switch with the right level 1 or 2 or 3 as per the attributes I have set for the user in TekRadius.

With the H3C switch it also worked, BUT when I get into the switch CLI through telnet I always get level 0.

I am attaching the debug/wireshark files.

The user in TekRadius has the check type for his user password; it has H3C access level as H3C admin, login service as telnet and service type as login; all 3 are type reply on success.

Thanks for any help!

Regards

26.02.2010 13:12:42

admin
Administrator
Posts: 882
Hi,

As you can see in the switch's debug log, the returned H3C-User-Access-Level attribute is discarded by the switch since the vendor id is not recognized (H3C=25506).
You should use 3Com-User-Access-Level in place of H3C-User-Access-Level when authentication login requests are coming from a 3Com switch. You can consider adding both H3C-User-Access-Level and 3Com-User-Access-Level attributes to the user profile.

Best regards,

Yasin KAPLAN
26.02.2010 19:11:11

sramdane
Posts: 2
Thank you for your prompt answer; I solved the issue by adding the following in the dictionary:
=============================
ID#     Vendor Name     Status
------------------------------
2011    H3C             Enabled

Attribute ID    Attribute Name       Attribute Type    Status
-------------------------------------------------------------
29              Hw_Exec_Privilege    integer           enabled

Value ID    Value
-----------------------------
0           H3C-Visitor
1           H3C-Monitor
2           H3C-Manager
3           H3C-Administrator

Then changed the user reply attributes accordingly

Switch debug now shows:

*Apr 26 18:35:09:512 2000 H3C RDS/7/DEBUG:Recv MSG,[MsgType=Normal auth request Index = 14, ulParam3=61592688]
*Apr 26 18:35:09:529 2000 H3C RDS/7/DEBUG:Send attribute list:
*Apr 26 18:35:09:530 2000 H3C RDS/7/DEBUG:
[1 User-name ] [10] [sramdane]
[2 Password ] [18] [420280698151AC4A88C23330C95D4DB3]
[4 NAS-IP-Address ] [6 ] [10.0.1.254]
[32 NAS-Identifier ] [5 ] [H3C]
[5 NAS-Port ] [6 ] [16785409]
[87 NAS_Port_Id ] [34] [slot=1;subslot=0;port=2;vlanid=1]
*Apr 26 18:35:09:549 2000 H3C RDS/7/DEBUG:
[61 NAS-Port-Type ] [6 ] [5]
[hw-26 Connect_ID ] [6 ] [14]
[6 Service-Type ] [6 ] [1]
[14 Login-Host ] [6 ] [10.0.1.254]
[31 Caller-ID ] [16] [303030302D303030302D30303030]
[8 Framed-Address ] [6 ] [10.0.1.200]
*Apr 26 18:35:09:569 2000 H3C RDS/7/DEBUG:
[hw-255Product-ID ] [15] [H3C S3610-28P]
[hw-60 Ip-Host-Addr ] [30] [10.0.1.200 00:00:00:00:00:00]
[hw-59 NAS-Startup-Timestamp ] [6 ] [956750401]
*Apr 26 18:35:09:590 2000 H3C RDS/7/DEBUG:Send: IP=[10.0.1.100], UserIndex=[14], ID=[13], RetryTimes=[0], Code=[1], Length=[202]
*Apr 26 18:35:09:610 2000 H3C RDS/7/DEBUG:Send Raw Packet is:
*Apr 26 18:35:09:611 2000 H3C RDS/7/DEBUG:

*Apr 26 18:35:09:630 2000 H3C RDS/7/DEBUG:Recv MSG,[MsgType=PKT response Index = 44, ulParam3=56802416]
*Apr 26 18:35:09:650 2000 H3C RDS/7/DEBUG:Receive Raw Packet is:
%Apr 26 18:35:09:671 2000 H3C SHELL/4/LOGIN: sramdane login from 10.0.1.200
*Apr 26 18:35:09:672 2000 H3C RDS/7/DEBUG:
02 0d 00 2c 85 93 ec 56 b7 a3 f8 a1 83 58 f3 a2
f8 72 40 53 06 06 00 00 00 01 0f 06 00 00 00 00
1a 0c 00 00 07 db 1d 06 00 00 00 03

*Apr 26 18:35:09:690 2000 H3C RDS/7/DEBUG:Receive:IP=[10.0.1.100],Code=[2],Length=[44]
*Apr 26 18:35:09:711 2000 H3C RDS/7/DEBUG:
[6 Service-Type ] [6 ] [1]
[15 Login-Service ] [6 ] [0]
[hw-29 Exec_Privilege ] [6 ] [3]
*Apr 26 18:35:09:731 2000 H3C RDS/7/DEBUG:Recv MSG,[MsgType=Account request Index = 14, ulParam3=0]
*Apr 26 18:35:09:751 2000 H3C RDS/7/DEBUG:Send attribute list:
*Apr 26 18:35:09:752 2000 H3C RDS/7/DEBUG:
[1 User-name ] [10] [sramdane]
[32 NAS-Identifier ] [5 ] [H3C]
[5 NAS-Port ] [6 ] [16785409]
[87 NAS_Port_Id ] [34] [slot=1;subslot=0;port=2;vlanid=1]
[61 NAS-Port-Type ] [6 ] [5]
[31 Caller-ID ] [16] [303030302D303030302D30303030]
*Apr 26 18:35:09:771 2000 H3C RDS/7/DEBUG:
[40 Acct-Status-Type ] [6 ] [1]
[45 Acct-Authentic ] [6 ] [1]
[44 Acct-Session-Id ] [14] [10003261835c]
[8 Framed-Address ] [6 ] [10.0.1.200]
[4 NAS-IP-Address ] [6 ] [10.0.1.254]
[55 Event-Timestamp ] [6 ] [956774109]
*Apr 26 18:35:09:792 2000 H3C RDS/7/DEBUG:
[hw-28 Ftp_Directory ] [2 ] []
[hw-29 Exec_Privilege ] [6 ] [3]
[hw-60 Ip-Host-Addr ] [30] [10.0.1.200 00:00:00:00:00:00]
*Apr 26 18:35:09:812 2000 H3C RDS/7/DEBUG:Send: IP=[10.0.1.100], UserIndex=[14], ID=[22], RetryTimes=[0], Code=[4], Length=[185]
*Apr 26 18:35:09:832 2000 H3C RDS/7/DEBUG:Send Raw Packet is:
*Apr 26 18:35:09:853 2000 H3C RDS/7/DEBUG:

*Apr 26 18:35:09:872 2000 H3C RDS/7/DEBUG:Recv MSG,[MsgType=PKT response Index = 20, ulParam3=56802672]
*Apr 26 18:35:09:892 2000 H3C RDS/7/DEBUG:Receive Raw Packet is:
*Apr 26 18:35:09:893 2000 H3C RDS/7/DEBUG:
05 16 00 14 76 b9 9f a9 0b 4a 4f 04 d2 bb fb 2d
8e 74 b5 65

*Apr 26 18:35:09:913 2000 H3C RDS/7/DEBUG:Receive:IP=[10.0.1.100],Code=[5],Length=[20]
*Apr 26 18:35:09:933 2000 H3C RDS/7/DEBUG:NULL

Thank you again for your prompt help!

Kind regards
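The Access-Accept dump in the post above can be decoded by hand to confirm what the dictionary change did. The following is an added example, not part of the original thread or of TekRADIUS: it parses the reply bytes from the log per RFC 2865 and shows privilege level 3 carried under vendor id 2011, while a constructed variant using vendor id 25506 (the id named in the administrator's reply) yields no level for a device that only recognises 2011. The names `parse_radius`, `granted_level` and `recognised_vendors` are hypothetical.

```python
import struct

# Access-Accept bytes copied from the "Receive Raw Packet" dump in the post above.
ACCEPT_HEX = """
02 0d 00 2c 85 93 ec 56 b7 a3 f8 a1 83 58 f3 a2
f8 72 40 53 06 06 00 00 00 01 0f 06 00 00 00 00
1a 0c 00 00 07 db 1d 06 00 00 00 03
"""
VENDOR_SPECIFIC = 26  # RFC 2865 attribute that wraps vendor sub-attributes

def parse_radius(pkt):
    """Return (code, identifier, attrs); each attr is (vendor_id or None, type, value)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("length field does not match packet")
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, value = pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            attrs.append((None, a_type, value))
            continue
        vendor_id, sub = struct.unpack("!I", value[:4])[0], 4
        while sub < len(value):  # vendor-type, vendor-length, value
            if sub + 2 > len(value) or value[sub + 1] < 2 or sub + value[sub + 1] > len(value):
                raise ValueError("malformed vendor sub-attribute")
            attrs.append((vendor_id, value[sub], value[sub + 2:sub + value[sub + 1]]))
            sub += value[sub + 1]
    return code, ident, attrs

def granted_level(pkt, recognised_vendors, sub_type=29):
    """Level a device applies if it only honours the given vendor ids (hypothetical helper)."""
    for vendor_id, a_type, value in parse_radius(pkt)[2]:
        if vendor_id in recognised_vendors and a_type == sub_type and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None  # attribute absent or carried under an unrecognised vendor id

accept = bytes.fromhex("".join(ACCEPT_HEX.split()))
# Constructed variant: same packet with the vendor id (offset 34..37) set to 25506.
# The Response Authenticator is not rechecked here (no shared secret on the page).
variant = accept[:34] + struct.pack("!I", 25506) + accept[38:]

if __name__ == "__main__":
    print(parse_radius(accept))
    print("vendor 2011 reply :", granted_level(accept, {2011}))
    print("vendor 25506 reply:", granted_level(variant, {2011}))
```

Running the same decode against a packet capture from the RADIUS server side is a quick way to check which privilege level was actually sent before trusting what a device reports.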
27.02.2010 17:06:42

admin
Administrator
Posts: 882
You're welcome