Troubleshooting Rbac; Local Users Have More Access Permissions Than Intended; Login Attempts By Radius Users Always Fail - HPE FlexFabric 5940 Series Configuration Manual

Fundamentals configuration guide

Hide thumbs Also See for FlexFabric 5940 Series:

Security configuration manual (571 pages)

Configuration manual (334 pages)

Fundamentals command reference (289 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

Table of Contents

User privilege role is network-admin, and only those commands that authorized to the

role can be used.

# If the ACS server does not respond, enter local authentication password abcdef654321 at the

prompt.

Invalid configuration or no response from the authentication server.

Change authentication mode to local.

Password:

User privilege role is network-admin, and only those commands that authorized to the

role can be used.

The output shows that you have obtained the network-admin user role.

Troubleshooting RBAC

This section describes several typical RBAC issues and their solutions.

Local users have more access permissions than intended

Symptom

A local user can use more commands than should be permitted by the assigned user roles.

Analysis

The local user might have been assigned to user roles without your knowledge. For example, the

local user is automatically assigned the default user role when you create the user.

Solution

To resolve the issue:

Use the display local-user command to examine the local user accounts for undesirable user

roles, and remove them.

If the issue persists, contact Hewlett Packard Enterprise Support.

Login attempts by RADIUS users always fail

Symptom

Attempts by a RADIUS user to log in to the network access device always fail, even though the

following conditions exist:

•

The network access device and the RADIUS server can communicate with one another.

•

All AAA settings are correct.

Analysis

RBAC requires that a login user have a minimum of one user role. If the RADIUS server does not

authorize the login user to use any user role, the user cannot log in to the device.

Solution

To resolve the issue:

Use one of the following methods:

Configure the role default-role enable command. A RADIUS user can log in with the

default user role when no user role is assigned by the RADIUS server.

Add the user role authorization attributes on the RADIUS server.

If the issue persists, contact Hewlett Packard Enterprise Support.

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Troubleshooting

This manual is also suitable for:

Flexfabric 5950 series

Troubleshooting Rbac; Local Users Have More Access Permissions Than Intended; Login Attempts By Radius Users Always Fail - HPE FlexFabric 5940 Series Configuration Manual

Troubleshooting RBAC

Local users have more access permissions than intended

Login attempts by RADIUS users always fail

Hide quick links:

Troubleshooting

Related Manuals for HPE FlexFabric 5940 Series

Related Content for HPE FlexFabric 5940 Series

This manual is also suitable for:

Table of Contents