[j-nsp] SSH access with Radius auth issue

Chris Boyd cboyd at gizmopartners.com
Fri Feb 16 11:44:52 EST 2018


Starting to tear my hair out over this one.

Recently wiped and upgraded an EX4200 to 15.1R6.7.  Dropped in my standard Radius config that’s working on all my other devices. Users that are locally configured on the 4200 can log in normally, but SSH sessions that are Radius authenticated get the session closed immediately upon supplying the correct password. Giving the wrong password gets you another password prompt. Google keeps taking me to pages talking about BRAS/Dialup sorts of issues.

Here’s what’s working on all the other switches and routers, but not on the newly upgraded switch:

system {
    radius-server {
        10.a.b.c {
            secret "$9$shh_don't_tell_anyone"; ## SECRET-DATA
            source-address 10.p.q.r;
        }
        10.x.y.z {
            secret "$9$shh_don't_tell_anyone"; ## SECRET-DATA
            source-address 10.p.q.r;
        }
    }
    radius-options {
        password-protocol mschap-v2;

The Radius servers are reachable by the source address.

After re-reading the Radius configuration pages, I added this to the config, with no effect.  Behavior is the same.

groups {
    global {
        system {
            login {
                user remote {
                    class super-user;
                }
            }
        }
    }
}

Pointers and cluebats appreciated.

—Chris



More information about the juniper-nsp mailing list