And I want to use it purely as a RADIUS authentication server to manage my network devices. Nothing fancy like hotspot or CRM etc...
And I have a lot of Cisco Nexus switches in my core. Excellent switches I must admit.
Also I like so far how user-manager works. Much better than our previous freeradius/LDAP contraption that we have previously experimented with. How do I get Mikrotik User-manager to work nicely together with Cisco NXOS?
However I am having trouble using user-manager with our Nexus switches. I can authenticate to the switch, but it is hard coded to give me write only 'network-operator' privileges instead of 'network-admin' privileges by default. And I need 'network-admin' privileges (or 'full' privileges in Mikrotik terms). As far as I know there is no way to change this default. However it is possible to get those privileges by pushing a RADIUS attribute. The RADIUS attribute is supposed to be called 'Cisco-AVPair', I think?
So far I have configured it like this (attachment picture 1). I don't know if this is correct, can you help?
Code:
/user-manager attribute
add name=Cisco-AVPair type-id=26 value-type=string vendor-id=Cisco
Code:
/user-manager user
add attributes="Cisco-AVPair:= \"shell:roles*\\\"network-admin vdc-admin\\\"\"" name=XYZ shared-users=unlimited
Code:
radius-server host 1.1.1.1 key 7 "somekey" authentication accounting timeout 1
radius-server host 8.8.8.8 key 7 "somekey" authentication accounting
radius-server directed-request
aaa group server radius RADIUS
    server 1.1.1.1
    server 8.8.8.8
aaa authentication login default fallback error local
aaa authentication login default group RADIUS
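
The role attribute discussed in the post, as it appears on the wire in an Access-Accept. This is an added example, not part of the original post and not MikroTik or Cisco code: it builds the RFC 2865 Vendor-Specific attribute (outer type 26) carrying Cisco's enterprise number 9 and vendor sub-type 1 (Cisco-AVPair), then parses the role string back out. The function names and the `SAMPLE` value are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that wraps every vendor attribute
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # vendor sub-type of Cisco-AVPair inside the wrapper

# Constructed sample value, taken from the role string in the post.
SAMPLE = 'shell:roles*"network-admin vdc-admin"'


def encode_cisco_avpair(value: str) -> bytes:
    """Return the full attribute: type 26, length, vendor-id, sub-type, sub-length, data."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("RADIUS attributes are limited to 255 octets")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def decode_vsa(attr: bytes):
    """Validate both length fields and return (vendor_id, vendor_type, value)."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    if attr[7] != len(attr) - 6:
        raise ValueError("vendor sub-attribute length mismatch")
    return vendor_id, attr[6], attr[8:].decode("ascii")


def parse_roles(avpair: str):
    """Split 'shell:roles' + ('=' mandatory | '*' optional) + quoted role list."""
    prefix = "shell:roles"
    if not avpair.startswith(prefix) or len(avpair) <= len(prefix):
        raise ValueError("not a shell:roles AV pair")
    sep = avpair[len(prefix)]
    if sep not in "=*":
        raise ValueError("expected '=' or '*' after shell:roles")
    roles = avpair[len(prefix) + 1:].strip('"').split()
    return sep == "*", roles   # (optional flag, list of role names)


if __name__ == "__main__":
    wire = encode_cisco_avpair(SAMPLE)
    print(wire.hex(" "))
    print(decode_vsa(wire), parse_roles(SAMPLE))
```

Comparing the printed bytes with a packet capture of the Access-Accept shows whether the server is sending the attribute with the vendor id and sub-type the switch expects.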