Page MenuHomeVyOS Platform
Create Task
Maniphest T3201

Operational command "show log all" is not working for RADIUS users
Closed, ResolvedPublicBUG
Actions

Description

It appears that show log all does not work for even privileged RADIUS users:

trae@cr01a-vyos# run show log all
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
trae@cr01a-vyos# whoami
trae

/etc/raddb/users:

DEFAULT Group == network_admins
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15",
    Arista-AVPair = "shell:roles=network-admin"

DEFAULT Group == network_operators
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=10",
    Arista-AVPair = "shell:roles=network-operator"

User in question (FreeIPA backend):

sh-4.4$ groups trae
trae : trae network_admins physical_admins god_mode editors admins

This configuration works fine for all other devices (Arista, UBNT, Aruba, etc).

Details

Difficulty level
Easy (less than an hour)
Version
1.3-rolling-202101061750
Why the issue appeared?
Design mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

trae32566 created this task.Jan 9 2021, 7:26 PM
pasik added a subscriber: pasik.Jan 10 2021, 11:32 AM
c-po changed the task status from Open to In progress.Jan 11 2021, 7:03 PM
c-po claimed this task.
c-po closed this task as Resolved.Jan 11 2021, 7:07 PM
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Mar 18 2021, 4:28 PM
SrividyaA renamed this task from show log all Not Working for RADIUS Users to Operational command "show log all" not working for RADIUS users.Aug 30 2021, 3:44 PM
SrividyaA renamed this task from Operational command "show log all" not working for RADIUS users to Operational command "show log all" is not working for RADIUS users.
SrividyaA set Issue type to Bug (incorrect behavior).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:26 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.