Hi All!
We have a strange observation with configadmin user as below…
confd[2292]: audit user: cadmin1/0 logged in over ssh from 127.0.0.1 with authmeth:password
confd[2292]: audit user: cadmin1/41 assigned to groups: configadmin
# ssh cadmin1@localhost
cadmin1@localhost's password:
cadmin1 connected from 127.0.0.1 using ssh on xyzserver
# show cli session list
Session User Context From Proto Date Mode
*42 cadmin1 cli 127.0.0.1 ssh 18:55:50 operational
37 admin netconf 10.60.10.71 ssh 18:37:26 operational
36 admin netconf 10.60.10.71 ssh 18:37:26 operational
17 admin netconf 10.60.1.101 ssh 12:34:08 operational
14 admin netconf 10.60.1.101 ssh 12:34:08 operational
#
# show cli session id
user = cadmin1(1), gid=1, groups=configadmin, gids=0
#
From above logs its clear it was a configadmin. But we see operator rules being applied.
# config
Entering configuration mode terminal
(config)# aa
^
% Invalid input detected at '^' marker.
(config)# aa
^
% Invalid input detected at '^' marker.
(config)# aa
# show cl
tried to change his password and not able to…
rgds
Balaji Kamal Kannadassan