Topic
5 replies Latest Post - ‏2013-05-09T13:50:26Z by logu
Diamond.Li
Diamond.Li
26 Posts
ACCEPTED ANSWER

Pinned topic SSH Service

‏2013-03-29T15:27:47Z |
Hi everyone,

I am trying to grant "ssh login" permission to DP-DEVELOPER group. So I changed RBM policy mapping like:
<aaa:InputCredential>DP-DEVELOPER</aaa:InputCredential>
<aaa:OutputCredential>*/*/login/ssh?Access=x</aaa:OutputCredential>
<aaa:OutputCredential>*/*/mgmt/ssh?Access=rw</aaa:OutputCredential>

Then flushed RBM cache. Still, Datapower doesn't allow me to login using correct account name and password.

Any help is truly appreciate!

Diamond
Updated on 2013-03-29T20:22:46Z at 2013-03-29T20:22:46Z by Diamond.Li
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: SSH Service

    ‏2013-03-29T15:39:11Z  in response to Diamond.Li
    > Diamond.Li wrote:
    > Hi everyone,
    >
    > I am trying to grant "ssh login" permission to DP-DEVELOPER group. So I changed RBM policy mapping like:
    > <aaa:InputCredential>DP-DEVELOPER</aaa:InputCredential>
    > <aaa:OutputCredential>*/*/login/ssh?Access=x</aaa:OutputCredential>
    > <aaa:OutputCredential>*/*/mgmt/ssh?Access=rw</aaa:OutputCredential>
    >
    > Then flushed RBM cache. Still, Datapower doesn't allow me to login using correct account name and password.

    Enforce CLI is ON? Did you add the user to fallback? Why only execute access?

    Regards,
    Kumar
    • Diamond.Li
      Diamond.Li
      26 Posts
      ACCEPTED ANSWER

      Re: SSH Service

      ‏2013-03-29T15:54:26Z  in response to SystemAdmin
      I successfully login after I enabled "RBM on CLI". What you mean "the fallback user" is I can create a local account in case of LDAP server glitch right?

      Thanks for your help!

      Diamond
      • SystemAdmin
        SystemAdmin
        6772 Posts
        ACCEPTED ANSWER

        Re: SSH Service

        ‏2013-03-29T17:28:25Z  in response to Diamond.Li
        When you create the RBM settings using LDAP you have the option fallback user which can be set at all users or specific users in the case RBM is getting failed.
        Regards,
        Kumar
      • logu
        logu
        1 Post
        ACCEPTED ANSWER

        Re: SSH Service

        ‏2013-05-09T13:50:26Z  in response to Diamond.Li

        Yes, we have privilaged users in local account

  • Diamond.Li
    Diamond.Li
    26 Posts
    ACCEPTED ANSWER

    Re: SSH Service

    ‏2013-03-29T20:22:46Z  in response to Diamond.Li
    Thanks a lot!