[j-nsp] radiusd problem...

Wayne.Kampjes at alcatel.co.nz Wayne.Kampjes at alcatel.co.nz
Mon Jan 9 14:54:16 EST 2006


Looks like the radius server isn't responding or the radius packets can't
get there or back. Firewall filter? Clients list in the radius server?

Wayne





"Goldschmidt, Bernd" <bernd.goldschmidt at siemens.com>
Sent by: juniper-nsp-bounces at puck.nether.net
09/01/2006 11:48 PM

        To:     "Erol KAHRAMAN" <erol.kahraman at gmail.com>,
<juniper-nsp at puck.nether.net>
        cc:
        Subject:        RE: [j-nsp] radiusd problem...


Did you try to add a user remote:

[edit]
system {
    login {
        user remote {
            uid 2001;
            class super-user;
        }
    }
}

You need this user to have a homedir on the box.
The JUNOS router will use this for all remote users.

Regards
Bernd.






> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Erol KAHRAMAN
> Sent: Monday, January 02, 2006 3:32 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] radiusd problem...
>
> Hi to everybody,
>
> I installed FreeRADIUS v 1.0.4 on FedoraCore4 server. Created system
> accounts and tested them for my (HP) switches. Everything was OK. But when
> I tried to connect to my router by using radius I got the following
> error.
>
> Jan  2 14:56:13  Router1 sshd: rad_send_request: No valid RADIUS
> responses received
> Jan  2 14:56:13  Router1 sshd[8236]: Failed password for user2 from
> 10.1.1.2 port 45067 ssh2
> Jan  2 14:56:39  Router1 sshd[8236]: rad_send_request: No valid RADIUS
> responses received
> Jan  2 14:56:40  Router1 sshd[8236]: Failed password for user2 from
> 10.1.1.2 port 45067 ssh2
> Jan  2 14:57:45  Router1 sshd[8236]: rad_send_request: No valid RADIUS
> responses received
> Jan  2 14:57:45  Router1 sshd[8236]: Accepted password for user2 from
> 10.1.1.2 port 45067 ssh2
> Jan  2 14:58:06  Router1 sshd: rad_send_request: No valid RADIUS
> responses received
> Jan  2 14:58:06  Router1 sshd[8240]: Failed password for user2 from
> 10.1.1.2 port 45068 ssh2
> Jan  2 14:58:08  Router1 inetd[3454]: /usr/sbin/sshd[8240]:
> exited, status 255
> Jan  2 14:58:26  Router1 sshd: rad_send_request: No valid RADIUS
> responses received
> Jan  2 14:58:26  Router1 sshd[8242]: Failed password for user1 from
> 10.1.1.2 port 45069 ssh2
> Jan  2 14:58:40  Router1 sshd[8242]: rad_send_request: No valid RADIUS
> responses received
> Jan  2 14:58:40  Router1 sshd[8242]: Failed password for user1 from
> 10.1.1.2 port 45069 ssh2
> Jan  2 15:00:14  Router1 sshd[8242]: fatal: Timeout before
> authentication for 10.1.1.2
> Jan  2 15:00:14  Router1 inetd[3454]: /usr/sbin/sshd[8242]:
> exited, status 255
>
> my router configuration is:
>
> system {
>     authentication-order [ radius password ];
>     }
>     radius-server {
>         10.1.2.2 {
>             secret ""; ## SECRET-DATA
>         }
>     }
>
>         class isletmen {
>             permissions view;
>         }
>
>         user user1 {
>             uid 2000;
>             class superuser;
>             authentication {
>                 encrypted-password ""; ## SECRET-DATA
>             }
>         }
>         user user2 {
>             uid 3000;
>             class isletmen;
>             authentication {
>                 encrypted-password ""; ## SECRET-DATA
>
> What could be the problem?
>
> I also want to ask a question: which authentication server is
> preferable, TACACS or RADIUS?
>
> --
> Erol KAHRAMAN
> System Network Administrator
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
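
Added example (not part of the thread, and not Juniper or FreeRADIUS code): the quoted log shows one "Accepted password" directly after a RADIUS timeout, which with `authentication-order [ radius password ]` means that login was decided by the local password database while RADIUS was unreachable. The script below flags that pattern; correlating by host and treating the next verdict line as the fallback result are assumptions of this example, and the sample lines are taken from the excerpt above with the mail wrapping undone.

```python
import re

# Sample input: lines from the log excerpt in the thread, mail wrapping undone.
SAMPLE = """\
Jan  2 14:56:13  Router1 sshd: rad_send_request: No valid RADIUS responses received
Jan  2 14:56:13  Router1 sshd[8236]: Failed password for user2 from 10.1.1.2 port 45067 ssh2
Jan  2 14:57:45  Router1 sshd[8236]: rad_send_request: No valid RADIUS responses received
Jan  2 14:57:45  Router1 sshd[8236]: Accepted password for user2 from 10.1.1.2 port 45067 ssh2
Jan  2 14:58:26  Router1 sshd: rad_send_request: No valid RADIUS responses received
Jan  2 14:58:26  Router1 sshd[8242]: Failed password for user1 from 10.1.1.2 port 45069 ssh2
Jan  2 15:00:14  Router1 sshd[8242]: fatal: Timeout before authentication for 10.1.1.2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+"
                  r"sshd(?:\[(?P<pid>\d+)\])?:\s+(?P<msg>.*)$")
VERDICT = re.compile(r"^(?P<result>Accepted|Failed) password for (?P<user>\S+) "
                     r"from (?P<src>\S+) port \d+")
RADIUS_TIMEOUT = "rad_send_request: No valid RADIUS responses received"


def analyze(text):
    """Return (fallback_logins, radius_timeouts) found in sshd syslog text."""
    pending = {}          # host -> time of the last unanswered RADIUS request
    fallbacks, timeouts = [], 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        if msg.startswith(RADIUS_TIMEOUT):
            # The timeout line is sometimes logged without a PID, so key on host.
            timeouts += 1
            pending[host] = m["ts"]
            continue
        v = VERDICT.match(msg)
        if v and host in pending:
            # Assumption: the first verdict after a timeout belongs to that attempt.
            del pending[host]
            if v["result"] == "Accepted":
                fallbacks.append({"time": m["ts"], "host": host,
                                  "user": v["user"], "src": v["src"]})
    return fallbacks, timeouts


if __name__ == "__main__":
    hits, n = analyze(SAMPLE)
    print(f"{n} unanswered RADIUS requests")
    for h in hits:
        print(f"local fallback login: {h['user']} from {h['src']} on {h['host']} at {h['time']}")
```

On a router with several simultaneous SSH logins the per-host correlation can pair a timeout with the wrong session, so treat hits as leads to check against the RADIUS server's own log.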
