【Problem Description】
1. We are not able to create the user credential under AAA. We are getting Error message of "Wrong parameter found at ^ position".
2. We also noticed that it showing ~ before the hostname of SW which might have some alarm or significance.
【Problem Analysis】
1. As we checked, the username only has 4 characters, for our security rule, the name should be at least 6 characters.
Parameter
|
Description
|
Value
|
user-name |
Specifies the username. |
The value is a character string in format user name+domain name delimiter+domain name. For example, in admin@huawei.com, @ is the domain name delimiter. The user name and domain name are case-insensitive, and cannot contain spaces and the following characters: / \ : * ? " < > | @ ' %. When security policy is enabled for local account, the value of user-name is a string of 6-253 characters; when security policy is disabled for local account, the value of user-name is a string of 1-253 characters. If no delimiter is specified, the system considers the entire character string as user name and the user belongs to the default domain. NOTE: After the security policy is disabled for local account, the * symbol can be used as a wildcard to match created user names and change passwords for the users in a batch. |
2. When we disable security-enhance, the username can be configured as 1-253 characters.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] undo local-user policy security-enhance |
3. The character “~” means you are in configuration mode. The character “*” means you need to commit the configuration otherwise the new configuration will not take effect.
【Root Cause】
For security rule, the username should be at least 6 characters.
【Solution Description】
Run command “undo local-user policy security-enhance” to disable security-enhance, then the username can use 1-253 characters.