For the HP Comware network device, below is the configuration template.
system-view
!#### Configure the RADIUS Scheme ####
radius scheme freeradius-scheme
server-type extended
primary authentication <primary_radius_server_ip>
primary accounting <primary_radius_server_ip>
!# Optional: If Secondary RADIUS Server is planned and operational
!secondary authentication <secondary_radius_server_ip>
!secondary accounting <secondary_radius_server_ip>
key authentication <radius_key>
key accounting <radius_key>
user-name-format without-domain
!# Note: This is the source IP connecting to the RADIUS Server(s)
nas-ip <network_device_management_ip>
!
!#### Configure the Domain ####
domain freeradius-domain
authentication login radius-scheme freeradius-scheme
authorization login radius-scheme freeradius-scheme
accounting login radius-scheme freeradius-scheme
access-limit disable
state active
idle-cut disable
self-service-url disable
!
!#### Apply scheme to the remote access terminals
user-interface vty 0 15
undo user privilege level
authentication-mode scheme
!
!# WARNING: Ensure the RADIUS server is working properly prior to activating this
domain default enable freeradius-domain
!
return
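The scheme and domain names in this template must match everywhere they are referenced. As an added example (not part of the original post), the Python check below flags `radius-scheme` references and a `domain default enable` target that were never declared. The sample config is constructed, with a placeholder IP and one deliberate mismatch.

```python
import re

# Constructed sample: the template's structure with a placeholder server IP
# and one deliberate mismatch (accounting points at an undeclared scheme).
SAMPLE = """\
radius scheme freeradius-scheme
 primary authentication 192.0.2.10
domain freeradius-domain
 authentication login radius-scheme freeradius-scheme
 authorization login radius-scheme freeradius-scheme
 accounting login radius-scheme radius-scheme
user-interface vty 0 15
 authentication-mode scheme
domain default enable freeradius-domain
"""

AAA_REF = re.compile(
    r"(?:authentication|authorization|accounting) login radius-scheme (\S+)")

def lint_aaa(config):
    """Return [(line_number, message)] for dangling scheme/domain references."""
    schemes, domains, scheme_refs, default_refs = set(), set(), [], []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or template comment
        if m := re.fullmatch(r"radius scheme (\S+)", line):
            schemes.add(m.group(1))            # scheme declaration
        elif m := re.fullmatch(r"domain default enable (\S+)", line):
            default_refs.append((n, m.group(1)))
        elif m := re.fullmatch(r"domain (\S+)", line):
            domains.add(m.group(1))            # domain declaration
        elif m := AAA_REF.match(line):
            scheme_refs.append((n, m.group(1)))
    issues = [(n, f"radius scheme '{s}' is referenced but never declared")
              for n, s in scheme_refs if s not in schemes]
    issues += [(n, f"default domain '{d}' is never declared")
               for n, d in default_refs if d not in domains]
    return issues

if __name__ == "__main__":
    for n, msg in lint_aaa(SAMPLE):
        print(f"line {n}: {msg}")
```

Run it against the filled-in template before pasting the configuration into the device; an empty result means every reference resolves.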
For the FreeRADIUS configuration, these are the files that need to be configured and the lines to add.
Clients Configuration File (clients.conf)
Insert the lines below, replacing each placeholder with the appropriate value.
client <network_device_management_ip> {
secret = <radius_key>
nastype = cisco
shortname = <network_device_name>
}
Users Configuration File (users)
Insert the lines below. They define an example username "netadmin" with password "netadmin", which has administrator privileges (Level 3).
netadmin Cleartext-Password := "netadmin"
    Service-Type = NAS-Prompt-User,
# RADIUS Attribute
    Huawei-Exec-Privilege = "3",
# Login-Service 50 is for SSH
    Login-Service = 50
If everything is working properly, log entries like these should appear, showing the account connecting to the network device via SSH.
Jan 17 19:00:01 radiussvr01 freeradius[52280]: Login OK: [netadmin] (from client HP-TEST-SWITCH port 0)
Jan 17 19:00:01 radiussvr01 freeradius[52280]: Login OK: [netadmin] (from client HP-TEST-SWITCH port 0)
Kindly let me know if anyone has problems or issues with this post. Next time, I will post about testing on HP Comware 7 with the latest FreeRADIUS.
Update: Check this post for support for HP Comware 7.