[j-nsp] JUNOS RADIUS Authentication

Eric Van Tol eric at atlantech.net
Wed Dec 3 12:05:42 EST 2008


Hi all,
I'm trying to configure JUNOS for RADIUS authentication and I've gotten to the point where the user is granted access, but for some reason is immediately logged out of the router:

-= 11:35:13 - /home/eric =-
[506 - eric@net1]# ssh -l test1 172.16.200.170
test1@172.16.200.170's password: 
--- JUNOS 8.4R2.3 built 2007-09-18 09:21:59 UTC

This account is currently not available.
Connection to 172.16.200.170 closed.

My RADIUS and login config:

root@m5-red# show system radius-server 
10.10.7.210 {
    secret "$9$3UL4ntOhclMLNrewYg4ZG"; ## SECRET-DATA
    source-address 172.16.200.170;
}

[edit]
root@m5-red# show system login 
class FullAccess {
    permissions all;
}
class PartialAccess {
    permissions [ view view-configuration ];
}
user full {
    class FullAccess;
}
user partial {
    class PartialAccess;
}

I'm attempting to authenticate against Windows IAS, and I believe that it is set up properly, as I'm passing the 'Juniper-Local-User-Name' attribute to the router, per some other posts I've found with similar setup issues. The fact that I can get an Access-Accept packet from the RADIUS server leads me to believe that there's something up with JUNOS. I'm trying not to have to use the 'remote' template because I can't see how I could have users with different access classes, and setting up different users on the router with passwords kind of defeats the purpose of RADIUS.

Anyone else run into this before?

Thanks,
evt
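
Added example, not part of the original post: a Python check that decodes a RADIUS Access-Accept and reports whether its Juniper-Local-User-Name VSA (Juniper enterprise number 2636, vendor type 1) names a user defined under `system login`. The packet bytes and all function names are constructed for illustration; the local user names `full` and `partial` come from the config shown above.

```python
import struct

JUNIPER_VENDOR_ID = 2636      # Juniper Networks IANA enterprise number
LOCAL_USER_NAME = 1           # Juniper-Local-User-Name vendor type
ACCESS_ACCEPT = 2             # RADIUS packet code
VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs

# Local users from the "show system login" output in the post.
LOCAL_USERS = {"full", "partial"}


def build_accept(local_user: str) -> bytes:
    """Construct a sample Access-Accept (zeroed authenticator) for the demo."""
    value = local_user.encode()
    vsa = struct.pack("!IBB", JUNIPER_VENDOR_ID, LOCAL_USER_NAME, len(value) + 2) + value
    attr = struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attr)) + bytes(16) + attr


def juniper_local_user(packet: bytes):
    """Return the Juniper-Local-User-Name carried in an Access-Accept, or None."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20  # attributes start after code, id, length, authenticator
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        body = packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 6:
            continue
        vendor, v_type, v_len = struct.unpack("!IBB", body[:6])
        if vendor == JUNIPER_VENDOR_ID and v_type == LOCAL_USER_NAME and 2 <= v_len <= len(body) - 4:
            return body[6:4 + v_len].decode()
    return None


def check(packet: bytes) -> str:
    """Compare the VSA value with the locally configured user names."""
    name = juniper_local_user(packet)
    if name is None:
        return "no Juniper-Local-User-Name VSA present"
    if name not in LOCAL_USERS:
        return f"VSA names {name!r}, which is not a configured local user"
    return f"VSA maps to local user {name!r}"
```

To use it on real traffic, pass `check()` the UDP payload of the Access-Accept taken from a packet capture between the router and the RADIUS server.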

