Juniper : This account is currently not available.
Hi Everyone,
I'm trying to set up remote authentication on a Juniper J2300. I already have both tac_plus and freeradius servers up and running. Verified successfully with a Cisco router. The Juniper does not seem to like remote authentication. Here are some snaps:
From the Juniper's syslogs:
Apr 25 22:30:53 10.0.0.235 sshd: tac_send_authen: Could not bind on socket: Can't assign requested address
Apr 25 22:30:53 10.0.0.235 sshd[11268]: Accepted password for jeff from 10.0.0.207 port 42390 ssh2
Apr 25 22:30:55 10.0.0.235 sshd[11268]: Received disconnect from 10.0.0.207: 11: Bye
Apr 25 22:30:55 10.0.0.235 inetd[2790]: /usr/sbin/sshd[11268]: exited, status 255
But notice, the FreeRadius server is accepting the credentials:
Wed Apr 25 22:30:09 2018 : Auth: Login OK: [jeff/jeff123] (from client localhost port 0) Welcome
My guess is that there is some ip or port mismatch.
Any advice?
Thanks!
Comments
Node Man Member Posts: 668
I found the solution. The indication was another log trap:
Apr 29 03:44:23 junos04 sshd: User 'remote' authenticated successfully but no local login-id configured.
After some googling, I found an article that explains that the JNCIA login config is missing a line:
set system login user remote class super-user
After adding that line, RADIUS authentication worked.
So the basic working config looks like this:
# set system authentication-order radius
# set system radius-server 10.1.1.2 secret "<SECRET>"
# set system authentication-order radius
# set system authentication-order password
# set system login user remote class operator
Here is the helpful article:
https://forum.ivorde.com/junos-user-remote-authenticated-successfully-but-no-local-login-id-configured-t19751.html
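
Added example, not part of the original thread: a small Python triage script that runs over the syslog lines quoted above and flags the three symptoms seen here, including the "password accepted, then sshd exits non-zero" pattern correlated by sshd PID. The function name `triage`, the finding codes, the default year and the 10-second window are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Sample input: the Junos syslog lines quoted in the thread above.
SAMPLE = """\
Apr 25 22:30:53 10.0.0.235 sshd: tac_send_authen: Could not bind on socket: Can't assign requested address
Apr 25 22:30:53 10.0.0.235 sshd[11268]: Accepted password for jeff from 10.0.0.207 port 42390 ssh2
Apr 25 22:30:55 10.0.0.235 sshd[11268]: Received disconnect from 10.0.0.207: 11: Bye
Apr 25 22:30:55 10.0.0.235 inetd[2790]: /usr/sbin/sshd[11268]: exited, status 255
Apr 29 03:44:23 junos04 sshd: User 'remote' authenticated successfully but no local login-id configured.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
ACCEPT = re.compile(r"sshd\[(\d+)\]: Accepted password for (\S+) from (\S+)")
EXIT = re.compile(r"sshd\[(\d+)\]: exited, status (\d+)")
NO_ID = re.compile(r"User '([^']+)' authenticated successfully but no local login-id")
TAC_BIND = re.compile(r"tac_send_authen: Could not bind on socket")

def triage(text, year=2018, window=10):
    """Return (code, detail) findings for Junos remote-auth failures."""
    findings, accepted = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        if TAC_BIND.search(msg):
            findings.append(("TACACS_BIND_FAILED", host))
        elif (a := NO_ID.search(msg)):
            # Fix given in the thread: set system login user <name> class <class>
            findings.append(("NO_LOCAL_LOGIN_ID", a.group(1)))
        elif (a := ACCEPT.search(msg)):
            accepted[(host, a.group(1))] = (ts, a.group(2))
        elif (a := EXIT.search(msg)):
            prior = accepted.pop((host, a.group(1)), None)
            # Password accepted, then the same sshd PID exits non-zero within
            # the window: authentication passed but no session was set up.
            if prior and a.group(2) != "0" and (ts - prior[0]).total_seconds() <= window:
                findings.append(("DROPPED_AFTER_AUTH", prior[1]))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(code, detail)
```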