Hi guys,
I did a search on the read-only topic but had no luck, so I would really appreciate your help here.
I wanted to know what the methods are for me to create a user login for read-only access (show configuration snapshot, show vlan port, show interfaces port, this kind of stuff). Could I use a TACACS server, or must it be a local user created in the switch?
Are there any exec (shell) commands in the Alcatel OmniSwitch 6850? I am using these commands on Cisco IOS switches for read-only access (show run only) for a user created in the TACACS server with privilege 15:
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
Thanks!!
Read Only access for a user
Re: Read Only access for a user
Try this:
> user test-user password test-pw read-only all
With the following command you can say where the user is to be found - it depends on the access method (http, telnet ...)
> aaa authentication ?
> aaa authentication telnet ?
"local" means the local database (user table) etc.
An auth. server (e.g. radius or tacacs) has to be created beforehand
> aaa radius-server "rad1" host 192.168.100.1 key testkey ....
Please read the documentation - you can find all the information there.
Silvio
-
ferryc
Re: Read Only access for a user
Hi Silvio,
Thanks for the reply, but it is still not working. I have these 2 TACACS servers configured on my switch.
aaa tacacs+-server "tacacs" host xx.xx.xx.xx key "xxx" port 49 timeout 10
aaa tacacs+-server "tacacs2" host xx.xx.xx.xx key "xxx" port 49 timeout 10
aaa authentication default "tacacs" "tacacs2" "local"
aaa authentication console "tacacs" "tacacs2" "local"
aaa authentication telnet "tacacs" "tacacs2" "local"
I have created a local user for read-only access and local aaa authentication for telnet, but I can't log in with that newly created user. It says Authentication Failed. Any more ideas, guys? Please help.
Thank you very much!
-
benny
Re: Read Only access for a user
You'll have to give read-write access for telnet, otherwise you can't login.
Benny
-
ferryc
Re: Read Only access for a user
Hi Benny,
Thanks for the reply, but can you elaborate more about read-write access for telnet?
One thing I found out is that when a switch's aaa authentication (for this example telnet) is using a TACACS server, any local username will get Authentication Failed. When I remove the switch from the TACACS server I am able to log in with my read-only access user from the local user database. The command to create the read-only access user is correct, but how do we combine TACACS and the local database for aaa authentication telnet?
Thanks!

