Diamond.Li
26 Posts

Pinned topic SSH Service

‏2013-03-29T15:27:47Z |
Hi everyone,

I am trying to grant "ssh login" permission to DP-DEVELOPER group. So I changed RBM policy mapping like:
<aaa:InputCredential>DP-DEVELOPER</aaa:InputCredential>
<aaa:OutputCredential>*/*/login/ssh?Access=x</aaa:OutputCredential>
<aaa:OutputCredential>*/*/mgmt/ssh?Access=rw</aaa:OutputCredential>

Then I flushed the RBM cache. Still, DataPower doesn't allow me to log in using the correct account name and password.

Any help is truly appreciated!

Diamond
Updated on 2013-03-29T20:22:46Z by Diamond.Li
  • SystemAdmin
    6772 Posts

    Re: SSH Service

    ‏2013-03-29T15:39:11Z  
    > Diamond.Li wrote:
    > Hi everyone,
    >
    > I am trying to grant "ssh login" permission to DP-DEVELOPER group. So I changed RBM policy mapping like:
    > <aaa:InputCredential>DP-DEVELOPER</aaa:InputCredential>
    > <aaa:OutputCredential>*/*/login/ssh?Access=x</aaa:OutputCredential>
    > <aaa:OutputCredential>*/*/mgmt/ssh?Access=rw</aaa:OutputCredential>
    >
    > Then I flushed the RBM cache. Still, DataPower doesn't allow me to log in using the correct account name and password.

    Enforce CLI is ON? Did you add the user to fallback? Why only execute access?

    Regards,
    Kumar
  • Diamond.Li
    26 Posts

    Re: SSH Service

    ‏2013-03-29T15:54:26Z  
    I successfully logged in after I enabled "RBM on CLI". What you mean by "the fallback user" is that I can create a local account in case of an LDAP server glitch, right?

    Thanks for your help!

    Diamond
  • SystemAdmin
    6772 Posts

    Re: SSH Service

    ‏2013-03-29T17:28:25Z  
    When you create the RBM settings using LDAP, you have the fallback user option, which can be set to all users or specific users in case RBM fails.
    Regards,
    Kumar
  • Diamond.Li
    26 Posts

    Re: SSH Service

    ‏2013-03-29T20:22:46Z  
    Thanks a lot!
  • logu
    1 Post

    Re: SSH Service

    ‏2013-05-09T13:50:26Z  
    > Diamond.Li wrote:
    > I successfully logged in after I enabled "RBM on CLI". What you mean by "the fallback user" is that I can create a local account in case of an LDAP server glitch, right?
    >
    > Thanks for your help!
    >
    > Diamond

    Yes, we have privileged users in local account.