The RADIUS server is CentOS 7 + FreeRADIUS 3.0, IP 10.9.4.11.
/etc/raddb/users contains:
test    Cleartext-Password := test
        Service-Type = Login-User,
        Login-Service = Telnet,
        H3C-Exec-Privilege = 3
/etc/raddb/clients.conf contains:
client 10.0.0.0/8 {
        secret = Secret
        shortname = h3c
}
Run radiusd in debug mode:
radiusd -X
Open a second terminal on the server and test:
radtest test test 10.9.4.11 0 Secret
Sent Access-Request Id 84 from 0.0.0.0:35239 to 10.9.4.11:1812 length 74
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 10.9.4.11
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "test"
Received Access-Accept Id 84 from 10.9.4.11:1812 to 0.0.0.0:0 length 44
Service-Type = Login-User
Login-Service = Telnet
H3C-Exec-Privilege = 3
The switch is an H3C S5120V2; I ran reset sa to wipe the device before configuring it.
<H3C>dis version
H3C Comware Software, Version 7.1.070, Release 6113
The relevant RADIUS configuration:
radius scheme telnetlogin
 primary authentication 10.9.4.11
 key authentication simple Secret
 user-name-format without-domain
 nas-ip 10.9.4.2
 quit
domain system
 authentication login radius-scheme telnetlogin local
 authorization login radius-scheme telnetlogin local
 accounting login none
 quit
user-interface vty 0 4
 authentication-mode scheme
 quit
Debugging was enabled on the switch:
<H3C>debugging radius all
<H3C>debugging telnet server
<H3C>terminal monitor
<H3C>terminal debugging
When I log in over Telnet with username and password both set to test, the switch prints the following:
*Jan 1 03:02:27:810 2013 H3C RADIUS/7/EVENT:
Decoded reply packet successfully.
*Jan 1 03:02:27:810 2013 H3C RADIUS/7/PACKET:
Service-Type=Login-User
Login-Service=Telnet
H3c-Exec-Privilege=3
*Jan 1 03:02:27:811 2013 H3C RADIUS/7/PACKET:
02 ac 00 2c aa f2 87 f2 73 5f fc 7d af 22 d3 27
41 aa 7a 7a 06 06 00 00 00 01 0f 06 00 00 00 00
1a 0c 00 00 63 a2 1d 06 00 00 00 03
*Jan 1 03:02:27:815 2013 H3C RADIUS/7/EVENT:
PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 0
*Jan 1 03:02:27:815 2013 H3C RADIUS/7/EVENT:
PAM_RADIUS: Received authentication reply message, resultCode: 0
*Jan 1 03:02:27:817 2013 H3C RADIUS/7/EVENT:
Sent reply message successfully.
*Jan 1 03:02:27:818 2013 H3C RADIUS/7/EVENT:
PAM_RADIUS: Processing RADIUS authorization.
*Jan 1 03:02:27:819 2013 H3C RADIUS/7/EVENT:
PAM_RADIUS: RADIUS Authorization successfully.
%Jan 1 03:02:28:495 2013 H3C SHELL/5/SHELL_LOGIN: test logged in from 10.9.4.95.
The RADIUS server prints:
(1) Sent Access-Accept Id 172 from 10.9.4.11:1812 to 10.9.4.2:20045 length 0
(1) Service-Type = Login-User
(1) Login-Service = Telnet
(1) H3C-Exec-Privilege = 3
(1) Finished request
But the Telnet session has no permission to run any commands:
login: test
Password:
<H3C>?
User view commands:
  erase        Alias for 'delete'
  exit         Alias for 'quit'
  no           Alias for 'undo'
  quit         Exit from current command view
  show         Alias for 'display'
  system-view  Enter the System View
  write        Alias for 'save'
<H3C>dis cur
Permission denied.
<H3C>
I have tried every H3C-Exec-Privilege value from 0 to 15 and none of them works. Can anyone point me in the right direction?
Best answer
Reply to the second-floor poster: the switch's debug output contains
Service-Type=Login-User
Login-Service=Telnet
H3c-Exec-Privilege=3
so the assigned privilege is being received. I suspect the H3c-Exec-Privilege attribute is no longer effective on V7 switches, and I don't know which attribute the new version uses to carry the privilege level.
The configuration followed this article:
***.***/p/4358e9e47b0c
Someone else on the Zhiliao community has asked the same question.
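Added worked example (not code from the original post, nor from FreeRADIUS or H3C): a small Python decoder for the raw Access-Accept that the switch printed in its RADIUS/7/PACKET debug line. The hex bytes are the post's own; the function names, the attribute-name tables, and the constructed Request Authenticator used to exercise the authenticator check are mine. Decoding the dump by hand confirms what the answer says: the reply carries Service-Type=Login-User, Login-Service=Telnet and a Vendor-Specific attribute for vendor 25506 (H3C) with sub-attribute 29 = 3, so the privilege value did leave the server and reach the NAS intact, and the problem is in how the switch applies it rather than in transport.

```python
"""Decode the Access-Accept hex dump an H3C switch prints under
"debugging radius all" and check a RADIUS Response Authenticator."""
import hashlib
import hmac
import struct

# Bytes copied from the switch's RADIUS/7/PACKET debug output in the post.
ACCESS_ACCEPT_HEX = (
    "02 ac 00 2c aa f2 87 f2 73 5f fc 7d af 22 d3 27 "
    "41 aa 7a 7a 06 06 00 00 00 01 0f 06 00 00 00 00 "
    "1a 0c 00 00 63 a2 1d 06 00 00 00 03"
)

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                11: "Access-Challenge"}
# RFC 2865 attribute numbers and enumerations that a login reply uses.
ATTR_SERVICE_TYPE, ATTR_LOGIN_SERVICE, ATTR_VENDOR_SPECIFIC = 6, 15, 26
SERVICE_TYPES = {1: "Login-User", 2: "Framed-User", 6: "Administrative-User",
                 7: "NAS-Prompt-User"}
LOGIN_SERVICES = {0: "Telnet", 1: "Rlogin", 2: "TCP-Clear", 3: "PortMaster",
                  4: "LAT", 5: "X25-PAD", 6: "X25-T3POS", 8: "TCP-Clear-Quiet"}
# H3C's IANA enterprise number and the one VSA the post relies on, named as
# in FreeRADIUS's dictionary.h3c.
H3C_VENDOR_ID = 25506
H3C_VSAS = {29: "H3C-Exec-Privilege"}


def decode_standard(a_type, value):
    """Return (name, decoded value) for a top-level attribute."""
    if a_type == ATTR_SERVICE_TYPE and len(value) == 4:
        n = struct.unpack("!I", value)[0]
        return "Service-Type", SERVICE_TYPES.get(n, n)
    if a_type == ATTR_LOGIN_SERVICE and len(value) == 4:
        n = struct.unpack("!I", value)[0]
        return "Login-Service", LOGIN_SERVICES.get(n, n)
    return "Attr-%d" % a_type, value.hex()


def decode_vsa(value):
    """Split a Vendor-Specific value (RFC 2865 section 5.26) into vendor sub-attributes."""
    if len(value) < 6:
        raise ValueError("Vendor-Specific attribute too short")
    vendor = struct.unpack("!I", value[:4])[0]
    out, pos = [], 4
    while pos < len(value):
        v_type, v_len = value[pos], value[pos + 1]
        if v_len < 2 or pos + v_len > len(value):
            raise ValueError("malformed vendor sub-attribute at offset %d" % pos)
        v_val = value[pos + 2:pos + v_len]
        if vendor == H3C_VENDOR_ID and v_type in H3C_VSAS and len(v_val) == 4:
            out.append((H3C_VSAS[v_type], struct.unpack("!I", v_val)[0]))
        else:
            out.append(("Vendor-%d-Attr-%d" % (vendor, v_type), v_val.hex()))
        pos += v_len
    return out


def parse_radius(packet):
    """Parse one RADIUS packet into header fields plus decoded attributes."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field %d != %d bytes received" % (length, len(packet)))
    attrs, pos = [], 20
    while pos < length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        value = packet[pos + 2:pos + a_len]
        if a_type == ATTR_VENDOR_SPECIFIC:
            attrs.extend(decode_vsa(value))
        else:
            attrs.append(decode_standard(a_type, value))
        pos += a_len
    return {"code": RADIUS_CODES.get(code, code), "id": ident, "length": length,
            "authenticator": packet[4:20], "attrs": attrs}


def response_authenticator(reply, request_authenticator, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(reply[:4] + request_authenticator + reply[20:] + secret).digest()


def reply_is_authentic(reply, request_authenticator, secret):
    """True if the reply's authenticator was produced with this secret for this request."""
    expected = response_authenticator(reply, request_authenticator, secret)
    return hmac.compare_digest(expected, reply[4:20])


def decode_switch_dump(hex_dump=ACCESS_ACCEPT_HEX):
    """Decode the dump from the post (bytes.fromhex ignores the spaces)."""
    return parse_radius(bytes.fromhex(hex_dump))


if __name__ == "__main__":
    pkt = decode_switch_dump()
    print("%s id=%d length=%d" % (pkt["code"], pkt["id"], pkt["length"]))
    for name, val in pkt["attrs"]:
        print("  %s = %s" % (name, val))
```

The decoded header (code 2, id 0xac = 172, length 44) matches the server's "(1) Sent Access-Accept Id 172" line and the 44-byte reply that radtest received, so the switch logged the same packet FreeRADIUS sent. Verifying the Response Authenticator additionally needs the Request Authenticator from the matching Access-Request, which the debug output on this page does not show; the check here is therefore exercised with a constructed one and the shared secret "Secret" from clients.conf.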