Nexus Configurations

Darren Shaw D.Shaw at hud.ac.uk
Thu May 5 12:47:05 CEST 2011


Hello David,

Thanks for the syntax. Sadly this still does not work. The free radius server will authenticate me as a user but the 5K wants me as an operator and not admin.

If you have the 5K working, could I be cheeky and ask if you could mail me the radius config on your 5K

thanks

Rgds
Darren Shaw
The Network Team
Computing Services
University of Huddersfield
Queensgate
Huddersfield
HD1 3DH

TEL: 01484 471317
MOBILE: 07792 773807

-----Original Message-----
From: freeradius-users-bounces+d.shaw=hud.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+d.shaw=hud.ac.uk at lists.freeradius.org] On Behalf Of David Mitchell
Sent: 04 May 2011 15:14
To: FreeRadius users mailing list
Subject: Re: Nexus Configurations


On May 4, 2011, at 4:48 AM, Darren Shaw wrote:

> Good Morning
>
> I am new to this forum and to the workings of FreeRadius and I have a query around the Cisco Nexus family.
>
> Currently we have all our switches and routers authentication to FreeRadius and all seems to be working. The problem comes when I want to authenticate my Nexus 7K and 5K's.  The 7Ks and 5Ks will authenticated me but the Nexus puts me in an operator role and not in an administrator's role.
>
> According to Cisco I have to place the following into
>
> /usr/local/etc/raddb/sites-available/default
>
> Cisco-AVPair = "shell:roles=\"network-operator vdc-admin\""
> Cisco-AVPair = "shell:roles*\"network-operator vdc-admin\""
> Cisco-AVPair = "shell:roles=\"network-admin vdc-admin\""
> Cisco-AVPair = "shell:roles*\"network-admin\""

This is what I'm adding to the replies for Nexus 5K's. I don't have any 7K's but I'd be surprised if
they were any different. I have not tried to send two roles so I can't confirm the syntax for that.

        Cisco-AVPair += "shell:roles=network-admin",
        Service-Type := Administrative-User,

-David Mitchell

>
>
> The current service type is = Administrative -User
>
> I have tried each AVPair and nothing works. Has anyone else had this issue?
>
> If anyone has any advice I would be really grateful.
>
> Thanks
>
>
>
> Rgds
> Darren Shaw
> The Network Team
> Computing Services
> University of Huddersfield
> Queensgate
> Huddersfield
> HD1 3DH
>
> TEL: 01484 471317
> MOBILE: 07792 773807
>
>
>
>   ________________________________
>
> ---
> This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |
-----------------------------------------------------------------




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


---
This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.




More information about the Freeradius-Users mailing list