Opened 10 years ago
Closed 9 years ago
#198 closed (fixed)
No adminstative/privileged access for ExoGENI rack switches
| Reported by: | lnevers@bbn.com | Owned by: | somebody |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | AM | Version: | SPIRAL6 |
| Keywords: | Cc: | ||
| Dependencies: |
Description
This was missed in testing the GPO and RENCI racks administrative access.
Having administrative access to the head node allows user to login to the management and dataplane switches, but does not allows "enable" access (Turn on privileged commands):
lnevers@uh-hn ~]$ id uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2501(uhadmins),9510(bbnadmins) [lnevers@uh-hn ~]$ ssh lnevers@uh-8264.uh.xo Enter radius password: IBM Networking Operating System RackSwitch G8264. uh-8264.uh.xo>ena Enable access using (oper) credentials restricted to admin accounts only. uh-8264.uh.xo>exit ... [lnevers@uh-hn ~]$ ssh lnevers@uh-8052.uh.xo Enter radius password: IBM Networking Operating System RackSwitch G8052. uh-8052.uh.xo>ena Enable access using (oper) credentials restricted to admin accounts only. uh-8052.uh.xo>
Change History (6)
comment:1 Changed 10 years ago by
- Should an administrative account have administrative access on switches?
- Found different behavior on UFL rack:
- The management switch fails as with other racks:
- The OpenFlow switch reject the connections:
comment:2 Changed 10 years ago by
Still no "enable" access on all switches except on the switch ufl-8264, where it still rejects connections
[lnevers@ufl-hn ~]$ ssh ufl-8264.ufl.xo Enter radius password: Connection closed by 192.168.110.4 [lnevers@ufl-hn ~]$
(ufl-8264.ufl.xo login works)
comment:3 Changed 9 years ago by
I've made some updates to the Radius config, which I am hopeful will clear up these issues.
comment:4 Changed 9 years ago by
Still not able to get admistrative (enable) access on the Houston rack:
[lnevers@uh-hn ~]$ ssh lnevers@uh-8264.uh.xo Enter radius password: IBM Networking Operating System RackSwitch G8264. uh-8264.uh.xo>ena Enable access using (oper) credentials restricted to admin accounts only. uh-8264.uh.xo>
also same lack of enable access on UFL rack:
[lnevers@ufl-hn ~]$ ssh ufl-8264.ufl.xo Enter radius password: IBM Networking Operating System RackSwitch G8264. ufl-8264.ufl.xo>ena Enable access using (oper) credentials restricted to admin accounts only. ufl-8264.ufl.xo>
Additionally, I am no longer able to login to head node fiu-hn.exogeni.net, seems my account is no longer enabled at the site.
comment:5 Changed 9 years ago by
Verified enable access to Houston Rack switch:
[lnevers@uh-hn ~]$ ssh lnevers@uh-8264.uh.xo Enter radius password: IBM Networking Operating System RackSwitch G8264. uh-8264.uh.xo>ena Enable privilege granted. uh-8264.uh.xo#
and UFL:
[lnevers@ufl-hn ~]$ ssh ufl-8264.ufl.xo Enter radius password: IBM Networking Operating System RackSwitch G8264. ufl-8264.ufl.xo>ena Enable privilege granted. ufl-8264.ufl.xo#
Waiting on login access at FIU head node.
comment:6 Changed 9 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Was able to get enable access on FIU, UFL and UH rack switches to complete New Site Administrative tests. Issue is resolved closing ticket.
