List: juniper-nsp
Subject: Re: [j-nsp] SSH access with Radius auth issue
From: Jonathan Call <lordsith49 () hotmail ! com>
Date: 2018-02-16 22:07:34
Message-ID: CY4PR19MB10644E6E0FEF5126131C84E2D1CB0 () CY4PR19MB1064 ! namprd19 ! prod ! outlook ! com
I don't remember if this is in 15 code but what about authentication order?
set system authentication-order [ radius password ]
Jonathan
________________________________
From: juniper-nsp <juniper-nsp-bounces@puck.nether.net> on behalf of Chris Boyd <cboyd@gizmopartners.com>
Sent: Friday, February 16, 2018 9:44 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] SSH access with Radius auth issue
Starting to tear my hair out over this one.
Recently wiped and upgraded an EX4200 to 15.1R6.7. Dropped in my standard Radius config that's working on all my other devices. Users that are locally configured on the 4200 can log in normally, but SSH sessions that are Radius authenticated get the session closed immediately upon supplying the correct password. Giving the wrong password gets you another password prompt. Google keeps taking me to pages talking about BRAS/Dialup sorts of issues.
Here's what's working on all the other switches and routers, but not on the newly upgraded switch:
system {
    radius-server {
        10.a.b.c {
            secret "$9$shh_don't_tell_anyone"; ## SECRET-DATA
            source-address 10.p.q.r;
        }
        10.x.y.z {
            secret "$9$shh_don't_tell_anyone"; ## SECRET-DATA
            source-address 10.p.q.r;
        }
    }
    radius-options {
        password-protocol mschap-v2;
    }
}
The Radius servers are reachable by the source address.
After re-reading the Radius configuration pages, I added this to the config, with no effect. Behavior is the same.
groups {
    global {
        system {
            login {
                user remote {
                    class super-user;
                }
            }
        }
    }
}
Pointers and cluebats appreciated.
—Chris
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp