
Nexus 9K - RADIUS Authorizing all LDAP users

vxlannnn
Level 1

NXOS: version 9.3(10)

I have enabled RADIUS in aaa using the following commands:

aaa authentication login default group radius

radius-server host server key 6 "JDYkU/B21nItOWiCoy2IayAdad3214123TUmfsdfas31290-OPLASDasdfasdf32130BUEPv8k/atg0PfwQsX6+jyqv1pDM123098DjkdsaZ0T5/JYoNVjdpB+DeCt8A" authentication accounting

The 9K successfully reaches out to my FreeRADIUS server but is giving all users network-operator regardless of the Cisco-AVPair attributes I pass. If I create a random user in LDAP and log in with no groups, it logs the user in and provides network-operator, for example:

user:test
roles:network-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible

I have tested the same FreeRADIUS servers and configuration on IOS based Cisco devices and authorization works fine.

Anyone know what's going on here?

1 Reply

marce1000
VIP

 - FYI: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt34993
        https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq73077
        https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp34494

 - Use latest advisory release on the Nexus 9K (e.g.), check if that can help.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
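
A check a reader can run against the reply attributes their RADIUS server returns, added here as an example and not taken from the thread or from Cisco code. It assumes Cisco's documented NX-OS behaviour: roles arrive in a Cisco-AVPair of the form `shell:roles="..."` or `shell:roles*"..."`, and a remote user with no role gets network-operator while the default user role is enabled. The function name `nxos_roles` and the sample attributes are constructed for illustration.

```python
import re

# Assumption (Cisco-documented NX-OS behaviour, not stated in the thread):
# NX-OS reads roles from a Cisco-AVPair shaped like shell:roles="a b" or
# shell:roles*"a b". An IOS-style shell:priv-lvl=N pair carries no role.
# With "aaa user default-role" on, a roleless remote user gets the default role.
ROLES_RE = re.compile(r'^shell:roles(?P<sep>[=*])"?(?P<roles>[^"]*)"?$')
DEFAULT_ROLE = "network-operator"


def nxos_roles(avpairs, default_role_enabled=True):
    """Return (roles, notes) NX-OS is expected to derive from Cisco-AVPairs."""
    roles, notes = [], []
    for raw in avpairs:
        value = raw.strip()
        m = ROLES_RE.match(value)
        if m:
            names = m.group("roles").split()
            if names:
                roles.extend(n for n in names if n not in roles)
            else:
                notes.append(f"empty role list in {value!r}")
        elif value.lower().startswith("shell:priv-lvl"):
            notes.append(f"{value!r} is an IOS privilege level, not an NX-OS role")
        elif value.lower().startswith("shell:role"):
            notes.append(f"{value!r} looks like a malformed shell:roles pair")
        else:
            notes.append(f"{value!r} ignored for role mapping")
    if not roles:
        if default_role_enabled:
            roles = [DEFAULT_ROLE]
            notes.append("no usable role received; default role applied")
        else:
            notes.append("no usable role received; login would be refused")
    return roles, notes


if __name__ == "__main__":
    # Constructed reply attributes, not captured from the poster's server.
    for pairs in (["shell:priv-lvl=15"],
                  ['shell:roles="network-admin"'],
                  ['shell:roles*"network-admin vdc-admin"'],
                  []):
        roles, notes = nxos_roles(pairs)
        print(pairs, "->", roles, "|", "; ".join(notes))
```
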