Juniper RADIUS configuration

networking juniper juniper-networks radius
2021-07-24 16:42:39

I'm trying to figure out how to set up RADIUS on a Juniper EX2300. The Juniper can reach the server without any problem, but when I run the "test aaa authd-lite user [user] password [password]" command I get the following output:

Authentication Deny
Reason : malformed-request
Test complete. Exiting

After enabling logging, I see the following:

Apr 10 10:34:26.401395 authd_read_msg: Fresh msg arrival. fd=50, hdr_read=0, hdr_remnant=0, payload_read=0 payload_remnant=0
Apr 10 10:34:26.401516 fresh message conn=0x2f35000
Apr 10 10:34:26.401575 read fresh message conn=0x2f35000 hdr_remnant=0 hdr_read=32
Apr 10 10:34:26.401616 Read payload for new message. fd=50, rqst_len=107
Apr 10 10:34:26.401650 Read payload for new message. fd=50, payload_len=75, rqst_len=107, cookie=1
Apr 10 10:34:26.401707 Process/Dispatch Client Message
Apr 10 10:34:26.401748 New Process/Dispatch Client Message
Apr 10 10:34:26.401813 authd_tlv_build_list_from_struct username ([username]) len:6
Apr 10 10:34:26.401869 authd_tlv_build_list_from_struct username l =7 offset =56
Apr 10 10:34:26.401916 authd_tlv_build_list_from_struct profile l =1 offset =63
Apr 10 10:34:26.401963 authd_tlv_build_list_from_struct password (0x111b144) len:9
Apr 10 10:34:26.402006 authd_tlv_build_list_from_struct password l =10 offset =64
Apr 10 10:34:26.402051 authd_auth_aaa_msg_create: num_of_tlvs:1 tot_num_of_tlv:3
Apr 10 10:34:26.402095 authd_auth_aaa_msg_create: aaa-key:len:29:29 acctg_id(lite-test:9266437712586873032)
Apr 10 10:34:26.402130 authd_auth_aaa_msg_create profile:()
Apr 10 10:34:26.402183 Process Request
Apr 10 10:34:26.402286 SEQ RecvClientMsg:CONN2f35000:7 session-id:9266437712586873032 Opcode:1, Subcode:0 (ACCESS_REQUEST)
Apr 10 10:34:26.402427 Creating SubscriberASTEntry for session-id:9266437712586873032, session name:[username]
Apr 10 10:34:26.402494 SubscriberASTEntry: Instantiate/Add Acct-session-id for authd-lite clients Acct-sess-id:lite-test:9266437712586873032Acct-Sess-id length:29
Apr 10 10:34:26.402547 setAccountingInfo:
Apr 10 10:34:26.402588 setAccountingInfo: service accounting order
Apr 10 10:34:26.402709 UserAccess:[username] session-id:9266437712586873032 Access-profile: Multi-Acct-Session-Id:0
Apr 10 10:34:26.402754 authd_auth_modules_pre_feed_sanity: message passed sanity test profile=(), username=(username)
Apr 10 10:34:26.402810 AuthFsm::current state=AuthInit(0) event=1 astEntry=0x117f074 aaa msg=0x106c074
Apr 10 10:34:26.402848 ###################################################################
Apr 10 10:34:26.402881 ########################### AUTH REQ RCVD #########################
Apr 10 10:34:26.402912 ###################################################################
Apr 10 10:34:26.402943 Auth-FSM: Process Auth-Request for session-id:9266437712586873032
Apr 10 10:34:26.403285 Framework: Message failed sanity test - the access-profile info is invalid
Apr 10 10:34:26.403351 SEQ SendClientMsg:CONN2f35000:7 session-id:9266437712586873032 reply-code=5 (MALFORMED REQUEST), result-subopcode=15 (INTERNAL_ERROR), cookie=1, rply_len=28, num_tlv_blocks=0
Apr 10 10:34:26.403531 Delete session-id:9266437712586873032
Apr 10 10:34:26.403635 Begin to logout Subscriber session-id:9266437712586873032
Apr 10 10:34:26.403738 UserAccess:[username] session-id:9266437712586873032 state:log-out  reason: null null
Apr 10 10:34:26.403820 doPersistedDataUpdates
Apr 10 10:34:26.403867 doPersistedDataUpdates
Apr 10 10:34:26.404013 authd_auth_aaa_msg_destroy
Apr 10 10:34:26.404095 authd_auth_aaa_msg_destructauth_aaa_msg: 0x106c074
Apr 10 10:34:26.404139 authd_write_conn: response is 0x2f3505c, total len is 28 and sent is 0
Apr 10 10:34:26.404388 authd_write_conn: response is 0x2f3505c, wrote 28 bytes
Apr 10 10:34:30.404350 authd_read_msg: Fresh msg arrival. fd=50, hdr_read=0, hdr_remnant=0, payload_read=0 payload_remnant=0
Apr 10 10:34:30.404467 fresh message conn=0x2f35000
Apr 10 10:34:30.404524 Reading remnants: premature EOF
Apr 10 10:34:30.404564 authd_conn_terminate: Terminate connection 0x2f35000
Apr 10 10:34:30.404663 clearConnIdTable: Removing all sessions for conn-id:CONN2f35000:7 as the client daemon may be down
Apr 10 10:34:30.404756 Reading remnants, errCode=0

For me, the line that stands out most is the one about the access profile being invalid. Coming from a Cisco background, some things in JunOS look a bit strange. I have found 5 different places where I can configure the RADIUS server, port and other attributes. I'm not quite sure why they can't be created in one place and then referenced wherever they are needed. Maybe they can, but I don't understand it at the moment.

Here is my current RADIUS configuration. Can someone tell me what I am missing here and how it should work?

system {
    host-name LAB-EX2300-01;
    auto-snapshot;
    time-zone America/Detroit;
    authentication-order [ radius password ];
    root-authentication {
        encrypted-password "$5$6mhl0oZ3$D.GLfc2GmvJI8TLJNzo3ElfawrPP4mWyYOTCjmaZpA/"; ## SECRET-DATA
    }
    name-server {
        192.168.0.161;
        192.168.64.161;
    }
    radius-server {
        172.16.0.16 {
            port 1812;
            accounting-port 1813;
            secret "$9$kmQ3n/COIcAp8XN-g4QFn6p0REyKMLdbzn6/tpM8LXdbgoJ"; ## SECRET-DATA
            retry 3;
            source-address 192.168.60.50;
        }
    }
    login {
        message "*********************************\n*                               *\n* This system is restricted to  *\n* authorized users for business *\n* purposes only.  Unauthorized  *\n* users will be prosecuted.     *\n*                               *\n*********************************";


access-profile RADIUS;

access {
    profile RADIUS {
        authentication-order [ radius password ];
        radius {
            authentication-server 172.16.0.16;
            accounting-server 172.16.0.16;
        }
        radius-server {
            172.16.0.16 {
                port 1812;
                accounting-port 1813;
                secret "$9$IQxhlvM8XVs4xNHqPf6/lKMWNdY2aUjk5QeMW87NjHkq5Q69A"; ## SECRET-DATA
                retry 3;
            }
        }
        accounting {
            order radius;

1 Answer

I eventually figured out what my problem was. I didn't have a remote user set up under [system login]. Once I created it and specified the permission level, I was able to get RADIUS working.

Here is what I added:

system {
    login {
        user remote {
            uid 2001;
            class super-user;
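As an added example (not part of the question or the answer above), here is a `system login` stanza that keeps the `remote` template at low privilege and adds a second template, assumed here to be named `remote-admin` with uid 2002, that the RADIUS server selects for administrators by returning the Juniper-Local-User-Name vendor-specific attribute (vendor 2636, type 1); the class choices are assumptions for illustration.

```junos
system {
    login {
        ## Constructed example. Every RADIUS-authenticated user who has no
        ## local account of the same name is mapped to the "remote" template,
        ## so its class is the privilege level that *all* such users receive.
        user remote {
            uid 2001;
            class read-only;
        }
        ## Second template (name and uid are assumptions). The RADIUS server
        ## assigns it by returning Juniper-Local-User-Name = "remote-admin"
        ## in the Access-Accept; users without that attribute stay read-only.
        user remote-admin {
            uid 2002;
            class super-user;
        }
    }
}
```

With this layout the RADIUS server, not the switch, decides who gets super-user, which is easier to audit than a single all-powerful `remote` template.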