The SSH connection via Microsoft NPS with active directory user on Huawei S5720

Latest reply: Jun 8, 2018 07:21:28

Hi there, Community!


This post is about the SSH connection via Microsoft NPS active directory user on Huawei S5720. Please see more details below.


Huawei S5720


ISSUE DESCRIPTION


I want to enable the SSH connection via Microsoft NPS with my active directory users.


It works on the H3C switch, but I cannot make it work on the Huawei S5720 switch.


POSSIBLE SOLUTION


Maybe the problem is the NPS site. I've investigated on the web the vendor-code of the Huawei NPS policy vendor specific site, but I did not find anything. For example, H3C vendor-code: 2011.


The configuration is simple; here is my configuration:


radius-server template radius
 radius-server shared-key cipher %^%#J>6@!pG!|7}(TDNU+m$9o,4SM"m7rD|&(T/4~r}'%^%#
 radius-server authentication 10.69.100.52 1812 weight 80
 radius-server accounting 10.69.100.52 1813 weight 80
 radius-server timeout 3
 undo radius-server user-name domain-included
 radius-attribute disable Login-Service receive
#
aaa
 authentication-scheme radius
  authentication-mode radius local
  authentication-super none
 authorization-scheme radius
  authorization-mode none
 accounting-scheme default
 domain default
  authentication-scheme radius
  radius-server radius
 domain default_admin
  radius-server radius


user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all


Thank you for your help in this issue of the SSH connection via Microsoft NPS active directory user on Huawei S5720!

StarOfWest
Created May 29, 2018 07:16:08

Hi,

The vendor code is correct - 2011.

This is my configuration for SSH connection on CloudEngine switch series. It's working:

radius server group group_radius
radius server shared-key-cipher ....
radius server authentication X.X.X.2 1812

aaa
user-name minimum-length 1
undo local-user policy security-enhance
local-user netadmin password irreversible-cipher ....
local-user netadmin service-type ssh
local-user netadmin level 3
local-user netman password irreversible-cipher .....
local-user netman service-type ssh
local-user netman level 3
#
authentication-scheme default
#
authentication-scheme test_aaa
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
domain domain.com
authentication-scheme test_aaa
radius server group group_radius
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#

Also, note that HW-Exec-Privilege needs to be configured, attribute no. 26-29.

“We only get answers to the questions that we ask.” physicist Werner Heisenberg
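
The vendor-specific attribute named in the answer above (vendor code 2011, attribute 29, HW-Exec-Privilege), encoded and decoded as it travels in a RADIUS Access-Accept. This is an added example, not part of the original thread; it assumes the standard RFC 2865 Vendor-Specific layout with a 32-bit integer value and a 0-15 level range, and the function names and sample bytes are constructed for illustration.

```python
import struct

RADIUS_VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries VSAs
HUAWEI_VENDOR_ID = 2011       # vendor code confirmed in the thread
HW_EXEC_PRIVILEGE = 29        # vendor sub-attribute named in the thread


def build_exec_privilege_vsa(level: int) -> bytes:
    """Encode HW-Exec-Privilege as a Vendor-Specific attribute."""
    if not 0 <= level <= 15:  # assumption: VRP user levels run 0-15
        raise ValueError("privilege level must be 0-15")
    sub = struct.pack("!BBI", HW_EXEC_PRIVILEGE, 6, level)  # type, len, value
    head = struct.pack("!BBI", RADIUS_VENDOR_SPECIFIC, 6 + len(sub),
                       HUAWEI_VENDOR_ID)
    return head + sub


def find_exec_privilege(attrs: bytes):
    """Walk the attribute section of an Access-Accept; return level or None."""
    pos = 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError(f"malformed attribute at offset {pos}")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != RADIUS_VENDOR_SPECIFIC or len(value) < 6:
            continue  # not a VSA, or too short to hold vendor id + sub-attr
        if struct.unpack("!I", value[:4])[0] != HUAWEI_VENDOR_ID:
            continue  # VSA from another vendor
        sub, i = value[4:], 0
        while i + 2 <= len(sub):
            s_type, s_len = sub[i], sub[i + 1]
            if s_len < 2 or i + s_len > len(sub):
                raise ValueError("malformed Huawei sub-attribute")
            if s_type == HW_EXEC_PRIVILEGE and s_len == 6:
                return struct.unpack("!I", sub[i + 2:i + 6])[0]
            i += s_len
    return None


# Constructed sample: Service-Type (6) = Administrative, then the Huawei VSA.
SERVICE_TYPE_ONLY = bytes([6, 6, 0, 0, 0, 6])
SAMPLE_ATTRS = SERVICE_TYPE_ONLY + build_exec_privilege_vsa(3)

if __name__ == "__main__":
    print(build_exec_privilege_vsa(3).hex())
    print("level with VSA:", find_exec_privilege(SAMPLE_ATTRS))
    print("level without VSA:", find_exec_privilege(SERVICE_TYPE_ONLY))
```

Running `find_exec_privilege` over the attribute bytes of a captured Access-Accept shows whether the NPS policy actually returns the level; `None` means the attribute was not sent.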
StarOfWest
Created Jun 6, 2018 06:18:21

Has the problem been solved?

enderkarazeybek
Created Jun 6, 2018 09:29:12

Yes, my problem was solved.
Thank you for your help.

StarOfWest
Created Jun 7, 2018 06:19:03

If my answer helped you, please mark it as "Best Answer".

Torrent
Created Jun 8, 2018 07:21:28

good