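The AC is attached to the core switch in bypass mode, and the APs register at Layer 2.
On site, problem information on the Terminator main unit needed to be transferred to the AC, which required the copy ftp method. An FTP server and a local user were created on the AC, but uploading the file from the Terminator main unit failed with the error: Failed to finish the operation because of file transfer error.
After seeing the error, we checked that the copy command had been entered correctly, and on the AC we checked that the FTP configuration was normal and that the local user's username and password were correct. None of these checks showed anything abnormal, but the local user was configured with authorization-attribute user-role network-operator, so we suspected a user-permission problem. The command reference shows that this role has no permission for the copy ftp command.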
Role: network-operator
Description: Predefined network operator role has access to all read commands on the device
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Location policy: Permit (default)
-------------------------------------------------------------------
Rule    Perm   Type  Scope         Entity
-------------------------------------------------------------------
sys-1   permit       command       display *
sys-2   permit       command       xml
sys-3   deny         command       display history-command all
sys-4   deny         command       display exception *
sys-5   deny         command       display cpu-usage configuration *
sys-6   deny         command       display kernel exception *
sys-7   deny         command       display kernel deadloop *
sys-8   deny         command       display kernel starvation *
sys-9   deny         command       display kernel reboot *
sys-12  permit       command       system-view ; local-user *
sys-14  permit R--   web-menu      -
sys-15  permit RW-   web-menu      m_device/m_maintenance/m_changepassword
sys-16  permit R--   xml-element   -
sys-17  deny         command       display security-logfile summary
sys-18  deny         command       system-view ; info-center security-logfile directory *
sys-19  deny         command       security-logfile save
sys-20  deny         command       system-view ; local-user-import *
sys-21  deny         command       system-view ; local-user-export *
sys-22  permit R--   oid           1
R:Read W:Write X:Execute
After the user was changed to authorization-attribute user-role level-15 (the highest privilege), copy ftp worked normally.
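The check made by hand against the role listing above can be scripted. The following is an added example, not part of the original case or of any vendor tool: it evaluates a command against the network-operator command rules shown on this page. The matching model (glob/prefix match, highest-numbered matching rule wins, no match means deny) is a simplifying assumption, and the names RULES_TEXT, parse_rules and decide are hypothetical.

```python
import fnmatch
import re

# Command rules of network-operator, re-typed from the listing on this page
# with terminal-wrapped entities rejoined. Rules for web-menu, xml-element
# and oid are omitted because they do not govern CLI commands.
RULES_TEXT = """\
sys-1 permit command display *
sys-2 permit command xml
sys-3 deny command display history-command all
sys-4 deny command display exception *
sys-5 deny command display cpu-usage configuration *
sys-6 deny command display kernel exception *
sys-7 deny command display kernel deadloop *
sys-8 deny command display kernel starvation *
sys-9 deny command display kernel reboot *
sys-12 permit command system-view ; local-user *
sys-17 deny command display security-logfile summary
sys-18 deny command system-view ; info-center security-logfile directory *
sys-19 deny command security-logfile save
sys-20 deny command system-view ; local-user-import *
sys-21 deny command system-view ; local-user-export *
"""

RULE_RE = re.compile(r"^sys-(\d+)\s+(permit|deny)\s+command\s+(.+)$")

def parse_rules(text):
    """Return a list of (rule_id, perm, pattern) for every command rule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), " ".join(m.group(3).split())))
    return rules

def decide(rules, command):
    """Return (verdict, rule_id) for a command string.
    Assumptions (simplified model, not the device's exact algorithm):
    patterns are globs matched as prefixes, the highest-numbered matching
    rule wins, and a command that matches no rule is denied."""
    command = " ".join(command.split())
    best = None
    for rule_id, perm, pattern in rules:
        if fnmatch.fnmatchcase(command, pattern) or fnmatch.fnmatchcase(command, pattern + "*"):
            if best is None or rule_id > best[0]:
                best = (rule_id, perm)
    return ("deny", None) if best is None else (best[1], best[0])

RULES = parse_rules(RULES_TEXT)
```

Calling decide(RULES, "copy ftp") returns a deny with no matching rule, which is the gap found in this case.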