How to assign privilege level on CE5855 from NPS Radius?

Publication Date: 2018-03-08
Issue Description

The customer was using NPS Radius to authenticate the SSH users and wanted to know how to send the privilege level from the Microsoft NPS Radius.
He wanted to know which attribute can be used to set the privilege level for the users created on the Radius.
The configuration for SSH via Radius was working, but the users got the default privilege level, 15.

radius server group group_radius
 radius server shared-key-cipher ....
 radius server authentication X.X.X.2 1812
aaa
 user-name minimum-length 1
 undo local-user policy security-enhance
 local-user netadmin password irreversible-cipher ....
 local-user netadmin service-type ssh
 local-user netadmin level 3
 local-user netman password irreversible-cipher .....
 local-user netman service-type ssh
 local-user netman level 3
 #
 authentication-scheme default
 #
 authentication-scheme test_aaa
  authentication-mode local radius
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
 domain default_admin
 #
 domain domain.com
  authentication-scheme test_aaa
  radius server group group_radius
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#


Solution

I advised the customer to use this Radius attribute, but since it's a Huawei proprietary attribute, the customer had to create the attribute for different vendors:


In NPS, the attribute should be created as shown below; this is just an example with a Cisco attribute:

After using this attribute the privilege level of the users created on Radius was changed accordingly.
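
Added example, not part of the original case or of Huawei's documentation: the attribute's name did not survive on this page, so the Python below assumes it is Huawei's HW-Exec-Privilege vendor-specific attribute (vendor ID 2011, sub-attribute 29, integer value). It builds the RFC 2865 Vendor-Specific bytes that NPS would return in the Access-Accept and extracts the level from a constructed attribute list, which helps confirm that each user receives only the level intended.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 attribute type for VSAs
HUAWEI_VENDOR_ID = 2011     # Huawei's IANA enterprise number
HW_EXEC_PRIVILEGE = 29      # assumed sub-attribute: HW-Exec-Privilege (integer)


def encode_privilege_vsa(level: int) -> bytes:
    """Build the Vendor-Specific attribute carrying a privilege level."""
    if not 0 <= level <= 15:
        raise ValueError("privilege level must be 0-15")
    sub = struct.pack("!BBI", HW_EXEC_PRIVILEGE, 6, level)   # type, len, value
    body = struct.pack("!I", HUAWEI_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def find_privilege(attrs: bytes):
    """Walk a RADIUS attribute list; return the level, or None if absent."""
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != HUAWEI_VENDOR_ID:
            continue
        sub, end = 4, len(value)
        while sub + 2 <= end:
            s_type, s_len = value[sub], value[sub + 1]
            if s_len < 2 or sub + s_len > end:
                raise ValueError("bad sub-attribute length")
            if s_type == HW_EXEC_PRIVILEGE and s_len == 6:
                return struct.unpack("!I", value[sub + 2:sub + 6])[0]
            sub += s_len
    return None


# Constructed sample: Service-Type=Login (type 6, value 1) followed by the VSA.
SAMPLE_ACCEPT_ATTRS = struct.pack("!BBI", 6, 6, 1) + encode_privilege_vsa(3)

if __name__ == "__main__":
    print(encode_privilege_vsa(3).hex())
    print(find_privilege(SAMPLE_ACCEPT_ATTRS))
```

In the NPS Vendor-Specific attribute dialog, the same assumed values correspond to vendor code 2011, an RFC-conformant attribute, vendor-assigned attribute number 29, decimal format, and the desired level as the value.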
