Testing Done: |
|
|---|
Bug 818: AD Integration to Support AVX admin authentication, authorization
Review Request #348 — Created July 17, 2024 and updated
| Information | |
|---|---|
| rodiveedu | |
| AVX2 | |
| rel_avx_2_7_2_sbi | |
| Reviewers | |
| kdutta, pradeep, prajesh | |
AD Integration to Support AVX admin authentication, authorization
login as: array
array@192.168.85.225's password:
AVX Rel.AVX.2.7.0.194 - untagged unofficial build by on devrohith on Wed Jul 1 7 08:39:06 2024
Copyright (c) 2000-2020 Array NetWorks Inc. All rights reserved.Type "?" for available commands
avx9900.63>en
Enable password:avx9900.63#sh ver
AVX Rel.AVX.2.7.0.194 - untagged unofficial build by on devrohith on Wed Jul 17 08:39:06 2024
Host name : avx9900.63 System CPU : Intel(R) Xeon(R) CPU System RAM : 131518124 kbytes.System boot time : Wed Jul 17 21:12:22 CST (+0800) 2024
Current time : Wed Jul 17 21:13:51 CST (+0800) 2024
System up time : 1 min,
Platform Bld Date : Tue Oct 18 00:43:44 EDT 2022
SSL HW : HW ( 1X80H ) Initialized
Compression HW : 1XC35 Initialized
Power supply : 2U, AC, 2-cords, Redundancy
Network Interface : 0 x Gigabit Ethernet copper
8 x 10Gigabit Ethernet fiber
2 x 40Gigabit Ethernet fiber
Model : Array AVX 7900
Serial Number : 2224N0591957901403006031032070
License Key : e58230a8-7e2d15a4-01381921-ced88ccc-6bfb08ee-ff000000-0455d8ab-20231204-99999999
Expiration Date : PermanentArray Networks Customer Support
Telephone : 1-877-992-7729 (1-877-99-ARRAY)
Email : support@arraynetworks.com
Update : please contact support for instructions
Website : http://www.arraynetworks.comOther Root Version
Rel.AVX.2.7.0.194 - untagged unofficial build by on devrohith on Wed Jul 17 02:45:39 2024avx9900.63#
avx9900.63#
avx9900.63#
avx9900.63#
avx9900.63#
avx9900.63#
avx9900.63#
avx9900.63#
avx9900.63#conf tavx9900.63(config)#show ?
admin show administration configurations
bond Display bond interface information
config Display configuration from memory/files
date Display current date/time
debug Display debugging information
dhcp Display dhcp configuration
ha Display HA configuration and status
hostname Display the hostname
interface Display NIC information
ip Display IP related settings
license Display the license settings
log Display log data and settings
macpool Display all items of the MAC pool
monitor Display monitor process status(on/off) and the names of executable scripts
ntp Show NTP status
openstack Show OpenStack related settings
pager Show page interval (lines)
promisc Display SR-IOV VF promiscuous configuration
restapi Show RESTful API based Web Service Configuration
running Display running configuration
snmp Display SNMP server settings
ssh Show ssh Settings
avx9900.63(config)#show admin ?
aaa Display external authentication configurationsavx9900.63(config)#show admin aaa ?
all Display all external authentication configurationsavx9900.63(config)#show admin aaa all
admin aaa off
admin aaa authorize off
admin aaa method LDAPavx9900.63(config)#clear admin aaa all
avx9900.63(config)#show admin aaa all
admin aaa off
admin aaa authorize off
admin aaa method LDAPavx9900.63(config)#admin aaa on 1
avx9900.63(config)#admin aaa auth
avx9900.63(config)#admin aaa authorize on
avx9900.63(config)#admin aaa meth
avx9900.63(config)#admin aaa method LDAP
avx9900.63(config)#admin aaa server ldap es01 "192.168.162.100" 389 "OU=QA,DC=$
avx9900.63(config)#show admin aaa all
admin aaa on 1
admin aaa authorize on
admin aaa method LDAP
admin aaa server ldap es01 "192.168.162.100" 389 "OU=QA,DC=blrlab,DC=in" "CN=Eng,DC=blrlab,DC=in"
| Description | From | Last Updated |
|---|---|---|
|
we are not calling external_auth while login, due to this only we are not able to use extrnal auth. It … |
 kdutta
|
|
|
hardcoded |
kdutta
|
|
|
not needed |
kdutta
|
|
|
not needed, this is for radius .. remove unnecessary function from this files |
kdutta
|
|
|
TOP not defined, first undestand and then add |
kdutta
|
|
|
TOP not defined, first undestand and then add |
kdutta
|
|
|
is_external_auth_server_enabled() |
 prajesh
|
|
|
remove all logs.. |
prajesh
|
|
|
do_external_auth Fucntion name should indicate a action/verb. |
prajesh
|
|
|
remove these logs. |
prajesh
|
|
|
what are these changes for? |
prajesh
|
|
|
You need to fix the logging part. |
prajesh
|
|
|
why we are checking local account details? |
prajesh
|
|
|
Why do we need this code? Are we reusing the code from APV? |
prajesh
|
-
-
branches/rel_avx_2_7_2/lib/exauth/auth_ext.c (Diff revision 1) we are not calling external_auth while login, due to this only we are not able to use extrnal auth. It is always uses unix default local authntication.
-
-
-
branches/rel_avx_2_7_2/lib/exauth/auth_ext_ipc.c (Diff revision 1) not needed, this is for radius .. remove unnecessary function from this files
-
branches/rel_avx_2_7_2/src/backend/Makefile (Diff revision 1) TOP not defined, first undestand and then add
-
branches/rel_avx_2_7_2/src/cli/Makefile (Diff revision 1) TOP not defined, first undestand and then add
Diff: |
Revision 3 (+2570 -61)
|
|---|
-
-
-
-
branches/rel_avx_2_7_2/lib/exauth/auth_ext.c (Diff revision 3) do_external_auth
Fucntion name should indicate a action/verb.
-
-
-
-
branches/rel_avx_2_7_2/lib/exauth/auth_ext.c (Diff revision 3) why we are checking local account details?
-
branches/rel_avx_2_7_2/lib/libpyauth/pyauth.c (Diff revision 3) Why do we need this code? Are we reusing the code from APV?