Discussion:
Can't work out HP/Huawei reply attributes
Joel Bergmark
2016-03-07 21:38:29 UTC
Hello all,

I've got quite stuck regarding reply-attributes to get privileged when logging on to a HP/Comware firmware switch (HP, Huawei, 3com etc). I run Daloradius as frontend.

Basically what I want is to have something similar to the "Cisco AVPair shell:priv-lvl=15".

So the radius server is working and I can log in to the HP in question. I have googled this for hours and tried a lot, but to no resolution; examples are like: http://certifiedgeek.weebly.com/blog/ssh-radius-authentication-with-hp-comware-and-freeradius

Also tried a number of variants including Cisco AVPair, most of the time tried variants of this:

NAS-Prompt-User
Huawei-Exec-Privilege = "3"
rlm_sql: Failed to create the pair: Unknown attribute "NAS-Prompt-User" requires a hex string, not "Huawei-Exec-Privilege = "3""

3Com-User-Access-Level
HP-Privelege-Level = 3
rlm_sql: Failed to create the pair: Unknown value HP-Privelege-Level = 3 for attribute 3Com-User-Access-Level

3Com-User-Access-Level
HP-Privelege-Level = 3
rlm_sql: Failed to create the pair: Unknown value 3Com-User-Access-Level = 3 for attribute 3Com-User-Access-Level

Basically debug gives me the same issue, "failed to create the pair: Unknown value <reply attribute> for <attribute>", like this:

(...)
[sql] expand: %{User-Name} -> hua
[sql] sql_set_user escaped user --> 'hua'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hua' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hua' ORDER BY id
rlm_sql: Failed to create the pair: Unknown value Huawei-Exec-Privilege = "3" for attribute Huawei-Exec-Privilege
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 0
++[sql] returns fail
Invalid user: [user/password] (from client dr1.xyz port 0 cli 00-00-00-00-00-00)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> hua
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 39 to X8.X3.3X.65 port 2888

This leads me to believe that there is something with the dictionary not working correctly. I have tried to figure out the dictionary stuff but am not sure how to troubleshoot it. I have also started a thread at the HP forums to see if anyone not running Windows has got it to work.

Thanks for any assistance, and if solved I will as before update the wiki :-)

Kind regards, Joel
-
List info/subscribe/unsubscribe? See http://www.fre
Alan Buxey
2016-03-07 21:48:52 UTC
hi,

if that guide is right, seems fairly simple, you just need to set

Service-Type = NAS-Prompt-User
Huawei-Exec-Privilege = "3"
Login-Service = 50

can all be done via SQL replies, group replies or just in the users file.

alan

Joel Bergmark
2016-03-07 22:08:03 UTC
Hello,

I agree, looks simple enough but within this simplicity there is the pitfall. In Daloradius, under User/Attributes I put in all the information and then this breaks the process and rejects the login: rlm_sql: Failed to create the pair: Unknown value Huawei-Exec-Privilege = "3" for attribute Huawei-Exec-Privilege

Here I'm not sure if this is a dictionary issue or something else, or me doing something wrong.

Attached a small print screen from the reply attribute page.

Regards, Joel

-----Original message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+joel.bergmark=***@lists.freeradius.org] On behalf of Alan Buxey
Sent: 7 March 2016 22:49
To: FreeRadius users mailing list <freeradius-***@lists.freeradius.org>
Subject: Re: Can't work out HP/Huawei reply attributes

hi,

if that guide is right, seems fairly simply, you just need to set

Service-Type = NAS-Prompt-User
Huawei-Exec-Privilege = "3"
Login-Service = 50

can all be done via SQL replies, group replies or just in the users file.

alan

Alan DeKok
2016-03-08 00:54:54 UTC
Post by Joel Bergmark
I agree, looks simple enough but within this simplicity there is the pitfall. In Daloradius, under User/Attributes I put in all the information and then this breaks the process and rejects the login: rlm_sql: Failed to create the pair: Unknown value Huawei-Exec-Privilege = "3" for attribute Huawei-Exec-Privilege
The value field should be "3". Not "Huawei-Exec-Privilege = "3""

Alan DeKok.
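
The correction above, as an added example that is not part of the thread or of FreeRADIUS/daloRADIUS: a small check that builds a radreply table with the columns seen in the debug log and flags rows where a whole "Attribute = value" pair was typed into the value column. The users hua2 and cisco, the "=" operator and all sample rows are constructed for illustration; an in-memory SQLite database stands in for the real SQL backend.

```python
import re
import sqlite3

# Same columns the debug log's SELECT reads from radreply.
SCHEMA = """CREATE TABLE radreply (
    id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT)"""

# Constructed sample rows. 'hua' carries the kind of rows that made rlm_sql
# reject the login; 'hua2' (hypothetical) has attribute and value split
# across their own columns; 'cisco' (hypothetical) is a false-positive check.
ROWS = [
    ("hua", "Huawei-Exec-Privilege", "=", 'Huawei-Exec-Privilege = "3"'),
    ("hua", "3Com-User-Access-Level", "=", "HP-Privelege-Level = 3"),
    ("hua2", "Service-Type", "=", "NAS-Prompt-User"),
    ("hua2", "Huawei-Exec-Privilege", "=", "3"),
    ("hua2", "Login-Service", "=", "50"),
    ("cisco", "Cisco-AVPair", "=", "shell:priv-lvl=15"),  # '=' inside a valid value
]

# A value that itself reads "Attribute-Name <op> something" is a complete
# attribute/value pair pasted into the value column.
PAIR_IN_VALUE = re.compile(r"^\s*[A-Za-z0-9][A-Za-z0-9-]*\s*(:=|\+=|==|=)\s*\S")


def build_db():
    """Create the in-memory table and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO radreply (username, attribute, op, value) VALUES (?, ?, ?, ?)",
        ROWS,
    )
    return db


def malformed_replies(db):
    """Return (id, username, attribute, value) for rows whose value embeds a pair."""
    cur = db.execute("SELECT id, username, attribute, value FROM radreply ORDER BY id")
    return [row for row in cur if PAIR_IN_VALUE.match(row[3])]


if __name__ == "__main__":
    for rid, user, attr, value in malformed_replies(build_db()):
        print(f"row {rid} ({user}): {attr} has a full pair in its value: {value!r}")
```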


Joel Bergmark
2016-03-10 14:11:30 UTC
Thanks Alan, my mistake!

Also another mistake was regarding some extra information that’s not necessary to get this working, I have updated the freeradius wiki for both HP and created vendor/Huawei, hopefully this will help more people in the future.

Regards, Joel


-----Original message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+joel.bergmark=***@lists.freeradius.org] On behalf of Alan DeKok
Sent: 8 March 2016 01:55
To: FreeRadius users mailing list <freeradius-***@lists.freeradius.org>
Subject: Re: Can't work out HP/Huawei reply attributes
Post by Joel Bergmark
I agree, looks simple enough but within this simplicity there is the pitfall. In Daloradius, under User/Attributes I put in all the information and then this breaks the process and rejects the login: rlm_sql: Failed to create the pair: Unknown value Huawei-Exec-Privilege = "3" for attribute Huawei-Exec-Privilege
The value field should be "3". Not "Huawei-Exec-Privilege = "3""

Alan DeKok.

