Powered by Jitbit Forum free trial version.
home recent topics recent posts search faq  

TekRADIUS Forum


register | lost password   open id

Messages in this topic - RSS

Home » Interoperability » How to supply a "Service-Type" via TekRADIUS

Interoperability with RADIUS clients & servers
show rated messages only |
17.08.2010 18:32:05

Daniel.Lukic
Daniel.Lukic
Posts: 6 		Hi Forum!
I'm currently configuring some HP ProCurve switches to authenticate via TekRADIUS. The RADIUS-Authentication works like a charm, in general. But there is still an annoying effect with those switches: The admins have to enter their credentials twice!!! Once for the login-context and once for the privilege-mode- / enable-context.
For example:
username: admin
password: *********
switch> enable
username: admin
password: *********
switch#
HP offers a feature to supply the privilege-level via RADIUS. They say RADIUS needs to specify the "Service-Type" attribute with the user credentials to make that work. Plus you need to enable privilege-mode first, using the command "aaa authentication login privile-mode".
Specifically, they say:
Service-Type = 6 allows manager-level access
Service-Type = 7 allows operator-level access
To users with Service-Type not equal 6 or 7 and users with no Service-Type attribute supplied, access is denied if privilege-mode is enabled.
This is what i've done so far:
1. I enabled the privilege-mode on the switch (using the mentioned aaa command) and confirmed that i can't login to this switch anymore.
2. Then i added "Check" "Service-Type" attribute with value "Administrative" to the "admin"-user in TekRADIUS, but that didn't workout.
3. So, i reverted my changes.
I feel that using the "Check"-method is not the right way. In my opinion i should configure TekRADIUS to send the Service-Type unconditionally, but i don't know how to configure this in TekRADIUS.
Can anybody point me into the right direction?
Thanks!
Daniel
0 permalink
18.08.2010 09:08:35

Admin
Admin
Administrator
Posts: 1684 		Hi,

Please try adding Service-Type attribute as a Success-Reply attrbiute in the user profile.

Best regards,

Yasin KAPLAN
0 permalink
18.08.2010 11:27:33

Daniel.Lukic
Daniel.Lukic
Posts: 6 		Hi Yasin,
thank you for your help. What you suggested works perfectly for me.
Regards, Daniel
0 permalink
18.08.2010 13:31:41

Admin
Admin
Administrator
Posts: 1684 		You welcome
0 permalink
show rated messages only |


Home » Interoperability » How to supply a "Service-Type" via TekRADIUS




Powered by Jitbit Forum 7.2.3.0 © 2006-2011 Jitbit Software