SBR not recognize native user?

kronicklez_
Contributor

Hi All,

I'm new to configuring Juniper SBR. I'm using the URL below as a reference. I cannot log in to the switch/equipment (EX series) using a username and password that have been configured in SBR, but I can see the log event in SBR showing that someone tried to access the switch. FYI, I have just set the basic config in SBR, such as creating a RADIUS client (EX) and a user (Native). Is there anything special we need to put in the Native user, such as an attribute? Could someone verify whether my switch config is correct, as per below? Thanks.

http://www.techietips.net/juniper-radius-cisco-ios


EX4200 config

authentication-order [ radius password ];

radius-server {
    10.10.18.11 secret "$9$LPIX7VsYoGDk-Vk.f5F3yle"; ## SECRET-DATA
}


accounting {
    events interactive-commands;
    destination {
        radius {
            server {
                10.10.18.11 secret "$9$EvRhSeMWxdb2re24JZjitu0"; ## SECRET-DATA
            }
        }
    }
}

kronicklez_
Contributor

Re: SBR not recognize native user?

Hi all,

Below is the log I found in SBR.

01/14/2011 13:31:10 request items don't match user/profile items, Rejecting
01/14/2011 13:31:10 Sent reject response
01/14/2011 13:31:25 request items don't match user/profile items, Rejecting
01/14/2011 13:31:25 Sent reject response

apaul_
Regular Contributor

Re: SBR not recognize native user?

Hello,

Can you try and add a Return List attribute for the User i.e. Service-Type = Administrative-User.

Also ensure no entries exist in the Check List tab for the User.

Thanks

Ashish Paul

kronicklez_
Contributor

Re: SBR not recognize native user?

Hi Paul,

Finally someone has responded to my problem. Many thanks, Paul. I already added Return List Service-Type = Administrative but it still does not work. I still cannot log in to the equipment using the username and password in SBR. Currently I just installed SBR on Windows XP. I appreciate your response. Thanks again. Is there any other way?

apaul_
Regular Contributor

Re: SBR not recognize native user?

What does the debug log indicate?

You need to choose Level 2 logging for detailed verbose logging. I am expecting to have more detailed information from the log files.

To increase the log level, browse to the SBR install directory, locate the file radius.ini and open it.

Change the LogLevel and TraceLevel to values of 2 and then save the file. Restart the SBR service and perform at least 1 authentication attempt.

Thanks

kronicklez_
Contributor

Re: SBR not recognize native user?

Hi Paul,

Thanks again for your feedback. I will give the requested output on Monday. Thanks again.

kronicklez_
Contributor

Re: SBR not recognize native user?

Hi Paul,

I already followed the instructions that you asked. Below is the log I get. Hopefully someone can reply to this thread. Thanks.

01/17/2011 09:35:20 -----------------------------------------------------------
01/17/2011 09:35:20 Packet containing 44 bytes successfully sent
01/17/2011 09:35:20 Sent reject response
01/17/2011 09:35:20 F:\build\tmp.3\SBR\xradius\radauthd.c radAuthHandleRequest() 3805 Exiting
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 Authentication Request
01/17/2011 09:35:37 Received from: ip=192.168.1.36 port=56045
01/17/2011 09:35:37
01/17/2011 09:35:37 Raw Packet :
01/17/2011 09:35:37 000: 01920041 7532239e c67f3050 e630c452 |...Au2#...0P.0.R|
01/17/2011 09:35:37 010: aede3d03 01084841 52524953 02129c82 |..=...HARRIS....|
01/17/2011 09:35:37 020: 7d597236 66593f5c 7377eb6c 0128200d |}Yr6fY?\sw.l.( .|
01/17/2011 09:35:37 030: 44332d4c 31382d45 53303104 06c0a801 |D3-L18-ES01.....|
01/17/2011 09:35:37 040: 24 |$ |
01/17/2011 09:35:37
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 F:\build\tmp.3\SBR\xradius\radauthd.c radAuthHandleRequest() 3050 Entering
01/17/2011 09:35:37 Looking up shared secret
01/17/2011 09:35:37 Looking for RAS client 192.168.1.36 in DB
01/17/2011 09:35:37 Matched 192.168.1.36 to RAS client D3-L18-ES01
01/17/2011 09:35:37 Parsing request
01/17/2011 09:35:37 Initializing cache entry
01/17/2011 09:35:37 Doing inventory check on request
01/17/2011 09:35:37 Getting info on requesting client
01/17/2011 09:35:37 NAS-IP-Address in request: 192.168.1.36
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 Authentication Request
01/17/2011 09:35:37 Received From: ip=192.168.1.36 port=56045
01/17/2011 09:35:37 Packet : Code = 0x1 ID = 0x92
01/17/2011 09:35:37 Client Name = D3-L18-ES01 Dictionary Name = Juniper.dct
01/17/2011 09:35:37 Vector =
01/17/2011 09:35:37 000: 7532239e c67f3050 e630c452 aede3d03 |u2#...0P.0.R..=.|
01/17/2011 09:35:37 Parsed Packet =
01/17/2011 09:35:37 User-Name : String Value = HARRIS
01/17/2011 09:35:37 User-Password : Value =
01/17/2011 09:35:37 000: 9c827d59 72366659 3f5c7377 eb6c0128 |..}Yr6fY?\sw.l.(|
01/17/2011 09:35:37 NAS-Identifier : String Value = D3-L18-ES01
01/17/2011 09:35:37 NAS-IP-Address : IPAddress = 192.168.1.36
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 Determining if request is for a tunnel
01/17/2011 09:35:37 Determining if this radius should act as a proxy
01/17/2011 09:35:37 Determining user class
01/17/2011 09:35:37 Authenticating user HARRIS with authentication method Native User
01/17/2011 09:35:37 Authenticating user HARRIS with authentication method Windows Domain User
01/17/2011 09:35:37 Authenticating user HARRIS with authentication method Windows Domain Group
01/17/2011 09:35:37 Unable to find user HARRIS with matching password
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 Authentication Response (reject)
01/17/2011 09:35:37 Packet : Code = 0x3 ID = 0x92
01/17/2011 09:35:37 Vector =
01/17/2011 09:35:37 000: 0f05dae4 e3673297 ecfb8c7b 14092ef5 |.....g2....{....|
01/17/2011 09:35:37 Reply-Message : String Value = Unauthorized User !!!
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 Authentication Response (reject)
01/17/2011 09:35:37 Sent to: ip=192.168.1.36 port=56045
01/17/2011 09:35:37
01/17/2011 09:35:37 Raw Packet :
01/17/2011 09:35:37 000: 0392002c 0f05dae4 e3673297 ecfb8c7b |...,.....g2....{|
01/17/2011 09:35:37 010: 14092ef5 1218556e 61757468 6f72697a |......Unauthoriz|
01/17/2011 09:35:37 020: 65642055 73657220 21212120 |ed User !!! |
01/17/2011 09:35:37
01/17/2011 09:35:37 -----------------------------------------------------------
01/17/2011 09:35:37 Packet containing 44 bytes successfully sent
01/17/2011 09:35:37 Sent reject response
01/17/2011 09:35:37 F:\build\tmp.3\SBR\xradius\radauthd.c radAuthHandleRequest() 3805 Exiting

overburdened_
Contributor

Re: SBR not recognize native user?

Paul,

Have you confirmed the user name and password are the same in SBR and the client?

The SBR is clearly checking for the Native user, but is not finding a matching name/password.

01/17/2011 09:35:37 Authenticating user HARRIS with authentication method Native User

Please double check the user is created in the Native Users section of the GUI and that the password is the same.

kronicklez_
Contributor

Re: SBR not recognize native user?

Hi overburdened,

I don't get what you mean. In SBR I already added a native user with a password. The client (EX4200) just has a local user. What do you mean regarding the client password? Thanks, and I appreciate your reply.

overburdened_
Contributor

Re: SBR not recognize native user?

Hi kronicklez,

By "client", I mean whatever system is trying to connect the user. You have to be sending the username/password from somewhere. Make sure the password being sent is the same as the one entered in the SBR Admin GUI when you created the user account.

Have you tried more than one username/password combination?

Cheers,

Scott
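
The User-Password attribute in the Level 2 log above is not the typed password: per RFC 2865 section 5.2 it is the password XORed with MD5(shared secret + request authenticator), so the server can only recover it with the same shared secret the NAS used. As an added example (not part of any post in this thread and not SBR code), the Python below parses the Access-Request from the logged hex dump and shows that differing shared secrets on the NAS and the server make the server recover a different password, which it can only report as a password mismatch. The secrets and the password used in the demo are constructed values.

```python
import hashlib
import struct

# Access-Request copied from the "Raw Packet" hex dump in the log above (65 bytes).
RAW_REQUEST = bytes.fromhex(
    "01920041 7532239e c67f3050 e630c452 aede3d03 01084841 52524953 02129c82"
    "7d597236 66593f5c 7377eb6c 0128200d 44332d4c 31382d45 53303104 06c0a801 24"
)
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 32: "NAS-Identifier"}


def parse_packet(raw):
    """Split a RADIUS packet into code, id, authenticator and (name, value) attributes."""
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 20 or length > len(raw):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or raw[pos + 1] < 2 or pos + raw[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((ATTR_NAMES.get(raw[pos], raw[pos]), raw[pos + 2:pos + raw[pos + 1]]))
        pos += raw[pos + 1]
    return code, ident, raw[4:20], attrs


def _xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out


def hide_password(password, secret, authenticator):
    """What the NAS does before sending: pad to 16 bytes, then mask."""
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, hiding=True)


def unhide_password(hidden, secret, authenticator):
    """What the server does on receipt, using its own copy of the shared secret."""
    return _xor_blocks(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def secret_mismatch_demo():
    """Constructed secrets and password; only the authenticator comes from the log."""
    _, _, authenticator, _ = parse_packet(RAW_REQUEST)
    typed = b"example-pass"  # constructed, not from the thread
    hidden = hide_password(typed, b"nas-secret", authenticator)
    same = unhide_password(hidden, b"nas-secret", authenticator) == typed
    differ = unhide_password(hidden, b"server-secret", authenticator) == typed
    return same, differ
```

When a reject reads like a wrong password but the user exists and the password was typed correctly, compare the shared secret configured for the RADIUS client on the server with the one configured on the switch.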