Page MenuHomeVyOS Platform

Operational command "show log all" is not working for RADIUS users
Closed, ResolvedPublicBUG

Description

It appears that show log all does not work for even privileged RADIUS users:

trae@cr01a-vyos# run show log all
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
Remote command execution is not allowed for operator level users
trae@cr01a-vyos# whoami
trae

/etc/raddb/users:

DEFAULT Group == network_admins
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15",
    Arista-AVPair = "shell:roles=network-admin"

DEFAULT Group == network_operators
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=10",
    Arista-AVPair = "shell:roles=network-operator"

User in question (FreeIPA backend):

sh-4.4$ groups trae
trae : trae network_admins physical_admins god_mode editors admins

This configuration works fine for all other devices (Arista, UBNT, Aruba, etc).

Details

Version
1.3-rolling-202101061750
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

c-po changed the task status from Open to In progress.Jan 11 2021, 7:03 PM
c-po claimed this task.
c-po triaged this task as Low priority.
c-po edited a custom field.
c-po edited a custom field.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
SrividyaA renamed this task from show log all Not Working for RADIUS Users to Operational command "show log all" not working for RADIUS users.Aug 30 2021, 3:44 PM
SrividyaA renamed this task from Operational command "show log all" not working for RADIUS users to Operational command "show log all" is not working for RADIUS users.
SrividyaA set Issue type to Bug (incorrect behavior).