authenticate cisco nexus 5000 with freeradius

[Majed Zouhairy]

On 2/27/24 16:11, Alan DeKok wrote:
> On Feb 27, 2024, at 4:37 AM, Majed Zouhairy <m_zouhairy at ckta.by> wrote:
>>
>> Peace, according to
>> https://community.cisco.com/t5/security-knowledge-base/nexus-integration-for-admin-access-with-free-radius/ta-p/3138329
> 
>    That's from 2013.  And assumes a particular set of requirements.
> 
>> the freeradius configuration is as such:
> 
>    It's not good to copy random things from the net and hope that they work.
> 
>    It's better to read the documentation and understand how it works.
> 
>> DEFAULT Group == cisco-rw, Auth-Type = System
>>
>>         Service-Type = NAS-Prompt-User,
>>
>>         cisco-avpair := "shell:roles*\"network-admin vdc-admin\"",
>>
>> but it does not mention what section of freeradius to modify,
> 
>    If you understand how the server works (which is the recommended approach), then the place is obvious.
> 
>> i tried adding all the information to the user, but then free radius wouldn't restart. which means Default group needs to be added to a different section.
> 
>    No.
> 
>    The server gives a very clear error.  If you read the error, you'll see what's wrong.
> 
>    You should read this:  http://wiki.freeradius.org/list-help
> 
>    It explains what information we need to help you.
> 
>    You should also try explaining what you want to do.  i.e. describe your requirements, and maybe we can help you meet the requirements.  That's a much better approach than saying "I followed a 10 year-old blog post and it didn't work".
> 
>    Alan DeKok.
>

i'm trying to authenticate an old 5k nexus cisco switch with freeradius, 
but when i enable aaa authentication, i get the error: command not 
permitted for the current role. it is obvious that an av pair is needed 
with network operator role for aaa to work, now the question is what is 
needed to be added to freeradius so that the avpair is activated?
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html