Page MenuHomeVyOS Platform

show log all Not Working for RADIUS Users
Closed, ResolvedPublicBUG

Description

It appears that show log all does not work for even privileged RADIUS users:

trae@cr01a-vyos# run show log all
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
trae@cr01a-vyos# whoami
trae

/etc/raddb/users:

DEFAULT Group == network_admins
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15",
    Arista-AVPair = "shell:roles=network-admin"

DEFAULT Group == network_operators
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=10",
    Arista-AVPair = "shell:roles=network-operator"

User in question (FreeIPA backend):

sh-4.4$ groups trae
trae : trae network_admins physical_admins god_mode editors admins

This configuration works fine for all other devices (Arista, UBNT, Aruba, etc).

Details

Difficulty level
Easy (less than an hour)
Version
1.3-rolling-202101061750
Why the issue appeared?
Design mistake
Is it a breaking change?
Perfectly compatible

Event Timeline

c-po changed the task status from Open to In progress.Mon, Jan 11, 7:03 PM
c-po claimed this task.
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.