Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.1.0 - Page 522
TACACS+ unknown or missing user role, SSH server
Configure TACACS+ server

OS10(config)# tacacs-server host 1.2.4.5 key mysecret

View TACACS+ server configuration

OS10# show running-configuration
...
tacacs-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b
...

Delete TACACS+ server

OS10(config)# no tacacs-server host 1.2.4.5

TACACS+ unknown or missing user role

When a TACACS+ server authenticates a user and does not return a role or returns an unknown role, OS10 assigns the netoperator role to the authenticated user by default. You can reconfigure the default netoperator role.

• Enter an OS10 user role in CONFIGURATION mode.

  userrole default inherit existing-role-name

  - existing-role-name - Enter a user role:
    ◦ sysadmin - Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
    ◦ secadmin - Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
    ◦ netadmin - Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information.
    ◦ netoperator - Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch.

Reconfigure the default user role

OS10(config)# userrole default inherit sysadmin

With this setting, any user that the TACACS+ server authenticates without a recognized role receives full sysadmin access.

SSH server

In OS10, the secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection. The SSH server authenticates remote clients using RADIUS challenge/response, a trusted host file, locally-stored passwords, and public keys.
Configure SSH server

• The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable.
• Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response-authentication command.
• Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command.
• Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command.
• Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command.
• Password-less login is disabled by default. To enable, use the username sshkey or username sshkey filename commands.
• Configure the list of cipher algorithms using ip ssh server cipher cipher-list.
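The following audit sketch is an added example, not part of the Dell guide: it overlays a saved running-configuration on the defaults documented above for the TACACS+ fallback role and the SSH server, then reports the effective exposure. It assumes non-default settings appear in the running-configuration exactly as the commands are entered; the function names, the sample configuration and the choice of what counts as a finding are the example's own.

```python
import re

# Defaults as stated on this page of the guide.
SSH_DEFAULTS = {"enable": True, "challenge-response-authentication": False,
                "hostbased-authentication": False,
                "password-authentication": True, "pubkey-authentication": True}
DEFAULT_FALLBACK_ROLE = "netoperator"
READ_ONLY_ROLES = {"netoperator"}  # the only role the page describes as view-only

def effective_settings(running_config):
    """Overlay configuration lines on the documented defaults."""
    ssh, role, tacacs_hosts = dict(SSH_DEFAULTS), DEFAULT_FALLBACK_ROLE, []
    for raw in running_config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(no )?ip ssh server (\S+)", line)
        if m and m.group(2) in ssh:
            ssh[m.group(2)] = m.group(1) is None  # "no" form disables
            continue
        m = re.fullmatch(r"userrole default inherit (\S+)", line)
        if m:
            role = m.group(1)
            continue
        m = re.match(r"tacacs-server host (\S+)", line)
        if m:
            tacacs_hosts.append(m.group(1))
    return ssh, role, tacacs_hosts

def audit(running_config):
    """Return findings; the policy applied here is an assumption of this example."""
    ssh, role, hosts = effective_settings(running_config)
    findings = []
    if hosts and role not in READ_ONLY_ROLES:
        findings.append(
            f"TACACS+ users with a missing or unknown role inherit '{role}'")
    if ssh["enable"] and ssh["password-authentication"]:
        findings.append("SSH password authentication is enabled")
    if ssh["enable"] and ssh["hostbased-authentication"]:
        findings.append("SSH host-based authentication is enabled")
    return findings

# Constructed sample, not output from a real switch; the key is a placeholder.
SAMPLE = """\
tacacs-server host 1.2.4.5 key 9 <encrypted-key>
userrole default inherit sysadmin
ip ssh server hostbased-authentication
no ip ssh server password-authentication
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```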