Argh. Never mind. As usual, I figured it out shortly after sending out a request for help. The 'user' needs to be the same name as the 'class' in order for this to work. So obvious, yet overlooked.
-evt

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:juniper-nsp-
> [EMAIL PROTECTED] On Behalf Of Eric Van Tol
> Sent: Wednesday, December 03, 2008 12:06 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] JUNOS RADIUS Authentication
>
> Hi all,
> I'm trying to configure JUNOS for RADIUS authentication and I've gotten to
> the point where the user is granted access, but for some reason is
> immediately logged out of the router:
>
> -= 11:35:13 - /home/eric =-
> [506 - [EMAIL PROTECTED] ssh -l test1 172.16.200.170
> [EMAIL PROTECTED]'s password:
> --- JUNOS 8.4R2.3 built 2007-09-18 09:21:59 UTC
>
> This account is currently not available.
> Connection to 172.16.200.170 closed.
>
> My RADIUS and login config:
>
> [EMAIL PROTECTED] show system radius-server
> 10.10.7.210 {
>     secret "$9$3UL4ntOhclMLNrewYg4ZG"; ## SECRET-DATA
>     source-address 172.16.200.170;
> }
>
> [edit]
> [EMAIL PROTECTED] show system login
> class FullAccess {
>     permissions all;
> }
> class PartialAccess {
>     permissions [ view view-configuration ];
> }
> user full {
>     class FullAccess;
> }
> user partial {
>     class PartialAccess;
> }
>
> I'm attempting to authenticate against Windows IAS, and I believe that it
> is set up properly, as I'm passing the 'Juniper-Local-User-Name' attribute
> to the router, per some other posts I've found with similar setup issues.
> The fact that I can get an Access-Accept packet from the RADIUS server
> leads me to believe that there's something up with JUNOS. I'm trying not
> to have to use the 'remote' template because I can't see how I could have
> users with different access classes and setting up different users on the
> router with passwords kind of defeats the purpose of RADIUS.
>
> Anyone else run into this before?
>
> Thanks,
> evt
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
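
An offline check for the name mismatch this thread turns on, as an added example (not code from the original post or from Juniper): it parses the `show system login` stanza quoted above and tests whether each value a RADIUS policy returns in `Juniper-Local-User-Name` names a configured `user` template. The values in `RETURNED` are constructed, and exact-match comparison of names is an assumption.

```python
import re

# Constructed input: the `show system login` stanza quoted in the post.
LOGIN_CONFIG = """
class FullAccess {
    permissions all;
}
class PartialAccess {
    permissions [ view view-configuration ];
}
user full {
    class FullAccess;
}
user partial {
    class PartialAccess;
}
"""

# Constructed Juniper-Local-User-Name values a RADIUS policy might return.
RETURNED = ["full", "partial", "FullAccess"]

def parse_login(config):
    """Return (classes, users) from a flat login stanza (no nested braces)."""
    classes, users = {}, {}
    stanza = re.compile(r"(class|user)\s+(\S+)\s*\{(.*?)\}", re.S)
    for kind, name, body in stanza.findall(config):
        if kind == "class":
            m = re.search(r"permissions\s+(?:\[(.*?)\]|(\S+?));", body, re.S)
            classes[name] = (m.group(1) or m.group(2) or "").split() if m else []
        else:
            m = re.search(r"class\s+(\S+?);", body)
            users[name] = m.group(1) if m else None
    return classes, users

def resolve(local_user_name, config):
    """Map an attribute value to (template, class, permissions), or None."""
    classes, users = parse_login(config)
    if local_user_name not in users:
        return None  # no `user` statement by that name on the router
    cls = users[local_user_name]
    return local_user_name, cls, classes.get(cls)

if __name__ == "__main__":
    for value in RETURNED:
        print(f"{value!r:14} -> {resolve(value, LOGIN_CONFIG) or 'NO MATCHING USER TEMPLATE'}")
```

With the quoted config, `full` and `partial` resolve to their classes, while a class name such as `FullAccess` sent as the attribute value matches no `user` statement.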