Juniper : This account is currently not available.

Node Man
Hi Everyone,
I'm trying to set up remote authentication on a Juniper J2300. I already have both tac_plus and freeradius servers up and running. Verified successfully with a Cisco router. The Juniper does not seem to like remote authentication. Here are some snaps:

From the Juniper's syslogs:
Apr 25 22:30:53 10.0.0.235 sshd: tac_send_authen: Could not bind on socket: Can't assign requested address
Apr 25 22:30:53 10.0.0.235 sshd[11268]: Accepted password for jeff from 10.0.0.207 port 42390 ssh2
Apr 25 22:30:55 10.0.0.235 sshd[11268]: Received disconnect from 10.0.0.207: 11: Bye
Apr 25 22:30:55 10.0.0.235 inetd[2790]: /usr/sbin/sshd[11268]: exited, status 255


But notice, the FreeRadius server is accepting the credentials:
Wed Apr 25 22:30:09 2018 : Auth: Login OK: [jeff/jeff123] (from client localhost port 0) Welcome


My guess is that there is some IP or port mismatch.

Any advice?

Thanks!

Comments

  • Node Man
    I found the solution. The indication was another log trap:

    Apr 29 03:44:23 junos04 sshd: User 'remote' authenticated successfully but no local login-id configured.

    After some googling, I found an article that explains that the JNCIA login config is missing a line:

    set system login user remote class super-user


    After adding that line, RADIUS authentication worked.

    So the basic working config looks like this:

    # set system authentication-order radius
    # set system radius-server 10.1.1.2 secret "<SECRET>"
    # set system authentication-order radius
    # set system authentication-order password
    # set system login user remote class operator


    Here is the helpful article:
    https://forum.ivorde.com/junos-user-remote-authenticated-successfully-but-no-local-login-id-configured-t19751.html
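
An added example, not part of the original thread: a Python check over set-style Junos configuration that reports the condition behind the "authenticated successfully but no local login-id configured" message, and also flags a `remote` template bound to super-user, since that class then applies to every account that exists only on the RADIUS or TACACS+ server. The function names, finding labels and sample configuration are constructed for illustration; per-user template mapping returned by the server is not modelled.

```python
import re

# Constructed sample: set-style Junos lines without a 'remote' template user.
SAMPLE_BEFORE = """\
set system authentication-order radius
set system authentication-order password
set system radius-server 10.1.1.2 secret "<SECRET>"
set system login user admin class super-user
"""

REMOTE_METHODS = {"radius", "tacplus"}  # Junos authentication-order keywords

def parse(config):
    """Collect authentication-order entries and login user -> class."""
    order, users = [], {}
    for line in config.splitlines():
        line = line.strip().lstrip("#").strip()  # tolerate the '# ' prompt
        m = re.match(r"set system authentication-order \[?\s*([\w\s-]+?)\s*\]?$", line)
        if m:
            # Repeated 'set' statements append to the ordered list.
            order += [x for x in m.group(1).split() if x not in order]
            continue
        m = re.match(r"set system login user (\S+) class (\S+)", line)
        if m:
            users[m.group(1)] = m.group(2)
    return order, users

def audit(config, login_name):
    """Return findings (hypothetical labels) for one remotely authenticated name."""
    order, users = parse(config)
    findings = []
    if not REMOTE_METHODS & set(order):
        return findings  # no remote authentication in use
    if login_name not in users and "remote" not in users:
        findings.append("no-template: server may accept the user, "
                        "but Junos has no local login-id to map it to")
    if login_name not in users and users.get("remote") == "super-user":
        findings.append("broad-template: every remote-only account "
                        "receives class super-user")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BEFORE, "jeff"):
        print(finding)
```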