Hi,
We are preparing to deploy a new SBR EE 6.1.7 in a RHEL VM. The simple installation & configuration ran smoothly up until I need to access the SBR Administrator, where we kept stumbled on "Error authenticating user" dialog box, while the log files showed "read access to URI '/' denied due to failed logon attempt" lines.
During the few first configurations I put the RHEL's root username as the initial admin user, and even the root has a valid password (confirmed by SSH), it can't be used to log in to the Administrator. I've tried to put other users during the configuration (with valid password) but it didn't work either. I've also tried to use the trial license alternatingly with the purchased license, but it made no difference.
I've done numerous SBR installations, both Carriers & Enterprise editions, but I don't recall stumbling to this kind of issue before. Did I miss something here?
Solved! Go to Solution.
Hi Adityori,
Also as mentioned in my first update, can you change the encryption method of local password to DES.
Regards,
Kannan
Hi Adityo Ari Nugroho ,
I understand your issue.
Please check the below KB Article which provide all steps that was guided you on phone. In case you are not able to open the KB due to your credential issues, please let me know.
Also can you change the encryption method of local password to DES.
Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!
Regards,
Kannan
Hi Adityo Ari Nugroho ,
I understand your issue.
Please check the below KB Article, In case you are not able to open the KB due to your credential issues, please let me know.
Also can you change the encryption method of local password to DES.
Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!
Regards,
Kannan
What's the Password encryption you are using ?
CAn you post the o/p of /etc/shadow
Thanks
Hi Ashish,
From the shadow file, it looks like the RHEL is using SHA512 (code type 6), cmiiw.
[[email protected] radius]# cat /etc/shadow root:$6$d85lYuB4$CFLuaJGq8VUnj1x9Xps1kY.EjjZXPmz0efVbzYQFrR9HK/p67Qup4ugsoCi4Y8e9dYDL39v3YiJ1cojXmdU5g.:15988:0:99999:7::: bin:*:14992:0:99999:7::: daemon:*:14992:0:99999:7::: adm:*:14992:0:99999:7::: lp:*:14992:0:99999:7::: sync:*:14992:0:99999:7::: shutdown:*:14992:0:99999:7::: halt:*:14992:0:99999:7::: mail:*:14992:0:99999:7::: uucp:*:14992:0:99999:7::: operator:*:14992:0:99999:7::: games:*:14992:0:99999:7::: gopher:*:14992:0:99999:7::: ftp:*:14992:0:99999:7::: nobody:*:14992:0:99999:7::: dbus:!!:15559:::::: vcsa:!!:15559:::::: rpc:!!:15559:0:99999:7::: abrt:!!:15559:::::: haldaemon:!!:15559:::::: ntp:!!:15559:::::: saslauth:!!:15559:::::: postfix:!!:15559:::::: rpcuser:!!:15559:::::: nfsnobody:!!:15559:::::: sshd:!!:15559:::::: tcpdump:!!:15559:::::: oprofile:!!:15559::::::
What encryptions are supported by the SBR Administrator?
Kannan,
I stumbled upon an error page while trying to open the linked KB.
Hi Adityori,
Find the below information to resolve your issue,
In Steel-Belted Radius 5.0 or later it is possible to recreate the initial administrator account; so that you can regain access to the Admin GUI.
In Solaris / Linux:
Login as the root user and open a command shell.
Navigate to the Steel-Belted Radius directory:
The default SBR 5.x location is /opt/funk/radius.
The default SBR 6.x location is /opt/JNPRsbr/radius.
Issue the following commands:
echo <username> > initial_admin_account.dat
cat initial_admin_account.dat (ensure that username is in .dat file)
./sbrd restart
Note: The <username> should be the actual username of an admin account. You must remove the <> surrounding the name. There is a redirect '>' used in the echo or cat commands to send the output to the file.
The file should be read and then deleted during SBR's startup process.
Verify that the file has been removed.
Once the service has restarted, attempt to login to the Admin GUI with the same username provided in initial_admin_account.dat.
Hope this should resolve your issue.
Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!
Regards,
Kannan
Hi,
I've changed the encryption to DES using chpasswd command and it worked like a charm. I wonder if there is a more elegant method of changing the encryption without that command.
Thanks.
Hi Adityoari,
I am gald that the suggestion provided resolved your issue
Regards,
Kannan