Users login by RADIUS, how to manage different users operation rights

Created: Dec 28, 2017 06:24:57Latest reply: Mar 20, 2018 13:52:14 1353 2 0 0
  Rewarded Hi-coins: 0 (problem resolved)
Hi all,

Request to know how to configure users operation rights that authenticated from RADIUS.

Windows Server 2012 as RADIUS Server and Domain.
Switch S5700 as RADIUS Client.

Switch configured RADIUS pointing to RADIUS Server and Domain configuration, test-aaa / login via console&telnet successful, but all users get monitoring level only.

After configured "admin-user privilega level 15" in Service Schema and configured into Domain, all users login successful and get full-access level.

Example:
User A and User B, their username / password created in Windows Server 2012, both user able to connect to switch via console / telnet, both of them get full-access level as mentioned above.

Question:
What if user B operation rights was able to monitoring only, what action need to be take in order to make this happened?


TQVM.
  • x
  • convention:

Featured Answers
StarOfWest
Created Mar 20, 2018 13:52:14 Helpful(0) Helpful(0)

Hi,

Usually the privilege level should be set from radius server. Please refer to the following KB. It's using TACACs but the idea is the same.

http://support.huawei.com/enterprise/en/knowledge/EKB1000092682
  • x
  • convention:

“We only get answers to the questions that we ask.” physicist Werner Heisenberg
All Answers
WoodWood
WoodWood Created Dec 29, 2017 09:07:51 Helpful(0) Helpful(0)

waiting for help
  • x
  • convention:

StarOfWest
StarOfWest Created Mar 20, 2018 13:52:14 Helpful(0) Helpful(0)

Hi,

Usually the privilege level should be set from radius server. Please refer to the following KB. It's using TACACs but the idea is the same.

http://support.huawei.com/enterprise/en/knowledge/EKB1000092682
  • x
  • convention:

“We only get answers to the questions that we ask.” physicist Werner Heisenberg

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login