Nexus Configurations
David Mitchell
mitchell at ucar.edu
Thu May 5 16:35:23 CEST 2011
On May 5, 2011, at 4:47 AM, Darren Shaw wrote:
> Hello David,
>
> Thanks for the syntax. Sadly this still does not work. The free radius server will authenticate me as a user but the 5K wants me as an operator and not admin.
>
> If you have the 5K working, could I be cheeky and ask if you could mail me the radius config on your 5K?
There isn't anything in the radius config that enables this as far as I can tell. Do you have a
local account on the 5K? That might override the info from the RADIUS server. Run the command
'show user-account' after logging in. For me, it indicates that the account was created via remote
authentication. I assume you have run the radius server in debug mode to verify that the attributes
are actually in the access accept packets sent back to the switch?
-David Mitchell
>
> thanks
>
> Rgds
> Darren Shaw
> The Network Team
> Computing Services
> University of Huddersfield
> Queensgate
> Huddersfield
> HD1 3DH
>
> TEL: 01484 471317
> MOBILE: 07792 773807
>
> -----Original Message-----
> From: freeradius-users-bounces+d.shaw=hud.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+d.shaw=hud.ac.uk at lists.freeradius.org] On Behalf Of David Mitchell
> Sent: 04 May 2011 15:14
> To: FreeRadius users mailing list
> Subject: Re: Nexus Configurations
>
>
> On May 4, 2011, at 4:48 AM, Darren Shaw wrote:
>
>> Good Morning
>>
>> I am new to this forum and to the workings of FreeRadius and I have a query around the Cisco Nexus family.
>>
>> Currently we have all our switches and routers authenticating to FreeRadius and all seems to be working. The problem comes when I want to authenticate my Nexus 7Ks and 5Ks. The 7Ks and 5Ks will authenticate me but the Nexus puts me in an operator role and not in an administrator's role.
>>
>> According to Cisco I have to place the following into
>>
>> /usr/local/etc/raddb/sites-available/default
>>
>> Cisco-AVPair = "shell:roles=\"network-operator vdc-admin\""
>> Cisco-AVPair = "shell:roles*\"network-operator vdc-admin\""
>> Cisco-AVPair = "shell:roles=\"network-admin vdc-admin\""
>> Cisco-AVPair = "shell:roles*\"network-admin\""
>
> This is what I'm adding to the replies for Nexus 5K's. I don't have any 7K's but I'd be surprised if
> they were any different. I have not tried to send two roles so I can't confirm the syntax for that.
>
> Cisco-AVPair += "shell:roles=network-admin",
> Service-Type := Administrative-User,
>
> -David Mitchell
>
>>
>>
>> The current service type is = Administrative -User
>>
>> I have tried each AVPair and nothing works. Has anyone else had this issue?
>>
>> If anyone has any advice I would be really grateful.
>>
>> Thanks
>>
>> ________________________________
>>
>> ---
>> This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -----------------------------------------------------------------
> | David Mitchell (mitchell at ucar.edu) Network Engineer IV |
> | Tel: (303) 497-1845 National Center for |
> | FAX: (303) 497-1818 Atmospheric Research |
> -----------------------------------------------------------------
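The check David describes, confirming that the role attributes are actually present in the Access-Accept, can also be run against the raw reply bytes. This is an added example, not code from the thread or from FreeRADIUS: the function names and sample packets are constructed for illustration, and the attribute numbers assume RFC 2865 (Service-Type 6, Vendor-Specific 26) with Cisco vendor ID 9, sub-attribute 1 for Cisco-AVPair.

```python
import struct

ACCESS_ACCEPT, SERVICE_TYPE, VENDOR_SPECIFIC = 2, 6, 26  # RFC 2865 numbers
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1  # Cisco enterprise number, AVPair sub-attribute
ADMINISTRATIVE_USER = 6  # Service-Type value for Administrative-User

def build_accept(avpairs, service_type=ADMINISTRATIVE_USER):
    """Build a constructed Access-Accept (zeroed authenticator) as sample input."""
    body = bytes([SERVICE_TYPE, 6]) + struct.pack("!I", service_type)
    for text in avpairs:
        data = text.encode()
        sub = bytes([CISCO_AVPAIR, len(data) + 2]) + data
        vsa = struct.pack("!I", CISCO_VENDOR_ID) + sub
        body += bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa
    return struct.pack("!BBH16s", ACCESS_ACCEPT, 1, 20 + len(body), b"") + body

def parse_accept(packet):
    """Return Service-Type and every Cisco-AVPair string in an Access-Accept."""
    code, _ident, length = struct.unpack("!BBH", packet[:4].ljust(4, b"\0"))
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found = {"service_type": None, "avpairs": []}
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + attr_len]
        if attr_type == SERVICE_TYPE and len(value) == 4:
            found["service_type"] = struct.unpack("!I", value)[0]
        elif attr_type == VENDOR_SPECIFIC and len(value) > 6:
            if struct.unpack("!I", value[:4])[0] == CISCO_VENDOR_ID and value[4] == CISCO_AVPAIR:
                found["avpairs"].append(value[6:4 + value[5]].decode())
        pos += attr_len
    return found

def shell_roles(found):
    """Role names from shell:roles pairs; the thread shows both '=' and '*' forms."""
    names = []
    for pair in found["avpairs"]:
        for sep in ("=", "*"):
            if pair.startswith("shell:roles" + sep):
                names += pair[len("shell:roles") + 1:].strip('"').split()
    return names

if __name__ == "__main__":
    reply = parse_accept(build_accept(["shell:roles=network-admin"]))
    print(reply["service_type"], shell_roles(reply))
```

An empty role list from a real reply means the attribute never left the server, which points at the RADIUS configuration rather than at the switch.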