Problem Description
1. We are not able to create the user credential under AAA. We are getting the Error message of 'Wrong parameter found at ^ position'.
2. We also noticed that it showing ~ before the hostname of SW which might have some alarm or significance.
Problem Analysis
As we checked, the username only has 4 characters, for our security rule, the name should be at least 6 characters.
Parameter | Description | Value |
user-name | Specifies the username. | The value is a character string in the format user name+domain name delimiter+domain name. For example, in admin@huawei.com, @ is the domain name delimiter. The user name and domain name are case-insensitive, and cannot contain spaces and the following characters: / \ : * ? " < > | @ ' %. When security policy is enabled for local account, the value of user-name is a string of 6-253 characters; when security policy is disabled for local account, the value of user-name is a string of 1-253 characters. If no delimiter is specified, the system considers the entire character string as user name and the user belongs to the default domain. NOTE: After the security policy is disabled for local account, the * symbol can be used as a wildcard to match created user names and change passwords for the users in a batch. |
2. When we disable security enhance, the username can be configured as 1-253 characters.
<HUAWEI> system-view [~HUAWEI] aaa [~HUAWEI-aaa] undo local-user policy security-enhance |
3.The character '~' means you are in configuration mode. The character “*” means you need to commit the configuration otherwise the new configuration will not take effect.
Root Cause
For security rule, the username should be at least 6 characters.
Solution Description
Run command 'undo local-user policy security-enhance' to disable security-enhanced, then the username can use 1-253 characters.
