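Everything is configured according to the official guide, but authentication just will not work.
The debug output is below. Could the experts please analyze it? Many thanks.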
[A-1B104JR01-radius-huawei]*Oct 16 13:52:39:154 2020 A-1B104JR01 RADIUS/7/EVENT:
PAM_RADIUS: Processing RADIUS authentication.
*Oct 16 13:52:39:156 2020 A-1B104JR01 RADIUS/7/EVENT:
Processing AAA request data.
*Oct 16 13:52:39:156 2020 A-1B104JR01 RADIUS/7/EVENT:
Got request data successfully, primitive: authentication.
*Oct 16 13:52:39:156 2020 A-1B104JR01 RADIUS/7/EVENT:
Getting RADIUS server info.
*Oct 16 13:52:39:156 2020 A-1B104JR01 RADIUS/7/EVENT:
Got RADIUS server info successfully.
*Oct 16 13:52:39:156 2020 A-1B104JR01 RADIUS/7/EVENT:
Created request context successfully.
*Oct 16 13:52:39:157 2020 A-1B104JR01 RADIUS/7/EVENT:
Created request packet successfully, dstIP: 172.20.250.58, dstPort: 1812, VPN instance: --(public), socketFd: 34, pktID: 214.
*Oct 16 13:52:39:157 2020 A-1B104JR01 RADIUS/7/EVENT:
Added packet socketfd to epoll successfully, socketFd: 34.
*Oct 16 13:52:39:157 2020 A-1B104JR01 RADIUS/7/EVENT:
Mapped PAM item to RADIUS attribute successfully.
*Oct 16 13:52:39:157 2020 A-1B104JR01 RADIUS/7/EVENT:
Got RADIUS username format successfully, format: 2.
*Oct 16 13:52:39:158 2020 A-1B104JR01 RADIUS/7/EVENT:
Added attribute user-name successfully, user-name: heshaolin.
*Oct 16 13:52:39:158 2020 A-1B104JR01 RADIUS/7/EVENT:
Filled RADIUS attributes in packet successfully.
*Oct 16 13:52:39:158 2020 A-1B104JR01 RADIUS/7/EVENT:
Composed request packet successfully.
*Oct 16 13:52:39:158 2020 A-1B104JR01 RADIUS/7/EVENT:
Created response timeout timer successfully.
*Oct 16 13:52:39:158 2020 A-1B104JR01 RADIUS/7/PACKET:
User-Name="heshaolin"
NAS-Identifier="A-1B104JR01"
Framed-IP-Address=10.130.16.70
NAS-Port-Type=Virtual
Acct-Session-
User-Password=******
Service-Type=Login-User
NAS-IP-Address=10.130.250.107
H3c-Product-
H3c-Nas-Startup-Timestamp=1600672741
*Oct 16 13:52:39:160 2020 A-1B104JR01 RADIUS/7/EVENT:
Sent request packet successfully.
*Oct 16 13:52:39:161 2020 A-1B104JR01 RADIUS/7/PACKET:
01 d6 00 a3 b2 4c c2 d3 49 7f 30 45 2f af 5d 59
ce e9 95 4f 01 0b 68 65 73 68 61 6f 6c 69 6e 20
0d 41 2d 31 42 31 30 34 4a 52 30 31 08 06 0a 82
10 46 3d 06 00 00 00 05 2c 28 30 30 30 30 30 30
30 31 32 30 32 30 31 30 31 36 30 35 35 32 33 39
30 30 30 30 30 30 30 31 30 38 31 30 33 35 33 36
02 12 ea 4f d2 af 03 71 af 27 3e 06 1c 38 b2 40
88 d0 06 06 00 00 00 01 04 06 0a 82 fa 6b 1a 19
00 00 63 a2 ff 13 48 33 43 20 53 35 31 33 30 53
2d 35 32 53 2d 45 49 1a 0c 00 00 63 a2 3b 06 5f
68 53 e5
*Oct 16 13:52:39:162 2020 A-1B104JR01 RADIUS/7/EVENT:
PAM_RADIUS: Sent authentication request successfully.
*Oct 16 13:52:39:162 2020 A-1B104JR01 RADIUS/7/EVENT:
Sent request packet and create request context successfully.
*Oct 16 13:52:39:162 2020 A-1B104JR01 RADIUS/7/EVENT:
Added request context to global table successfully.
*Oct 16 13:52:39:162 2020 A-1B104JR01 RADIUS/7/EVENT:
Processing AAA request data.
*Oct 16 13:52:39:177 2020 A-1B104JR01 RADIUS/7/EVENT:
Reply SocketFd recieved EPOLLIN event.
*Oct 16 13:52:39:178 2020 A-1B104JR01 RADIUS/7/EVENT:
Received reply packet succuessfully.
*Oct 16 13:52:39:179 2020 A-1B104JR01 RADIUS/7/EVENT:
Found request context, dstIP: 172.20.250.58, dstPort: 1812, VPN instance: --(public), socketFd: 34, pktID: 214.
*Oct 16 13:52:39:179 2020 A-1B104JR01 RADIUS/7/EVENT:
The reply packet is valid.
*Oct 16 13:52:39:180 2020 A-1B104JR01 RADIUS/7/EVENT:
Decoded reply packet successfully.
*Oct 16 13:52:39:180 2020 A-1B104JR01 RADIUS/7/PACKET:
Hw-Exec-Privilege=15
Service-Type=Login-User
Hw-Exec-Privilege=15
Service-Type=Login-User
Class=0x754806a50000013700010200ac14fa3a00000000000000000000000001d697df05d95f4e0000000000000796
*Oct 16 13:52:39:180 2020 A-1B104JR01 RADIUS/7/PACKET:
02 d6 00 66 06 de 54 08 00 af 47 84 19 89 a9 a3
6f 55 4c 1f 1a 0c 00 00 07 db 1d 06 00 00 00 0f
06 06 00 00 00 01 1a 0c 00 00 07 db 1d 06 00 00
00 0f 06 06 00 00 00 01 19 2e 75 48 06 a5 00 00
01 37 00 01 02 00 ac 14 fa 3a 00 00 00 00 00 00
00 00 00 00 00 00 01 d6 97 df 05 d9 5f 4e 00 00
00 00 00 00 07 96
*Oct 16 13:52:39:181 2020 A-1B104JR01 RADIUS/7/EVENT:
PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 0
*Oct 16 13:52:39:181 2020 A-1B104JR01 RADIUS/7/EVENT:
PAM_RADIUS: Received authentication reply message, resultCode: 0
%Oct 16 13:52:39:184 2020 A-1B104JR01 SSHS/6/SSHS_LOG: Authorization failed for user heshaolin from 10.130.16.70 port 63011.
*Oct 16 13:52:39:186 2020 A-1B104JR01 RADIUS/7/EVENT:
Sent reply message successfully.
%Oct 16 13:52:40:380 2020 A-1B104JR01 SSHS/6/SSHS_DISCONNECT: SSH user heshaolin (IP: 10.130.16.70) disconnected from the server.
Best answer
Authorization failed. Check the relevant authorization configuration on the device side and the server side on site.
%Oct 16 13:52:39:184 2020 A-1B104JR01 SSHS/6/SSHS_LOG: Authorization failed for user heshaolin from 10.130.16.70 port 63011.
Could you please take another look? I have described it below. Thanks.
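Hello, please note:
%Oct 16 13:52:39:184 2020 A-1B104JR01 SSHS/6/SSHS_LOG: Authorization failed for user heshaolin from 10.130.16.70 port 63011. // This shows that authorization failed.
Check the RADIUS configuration on the device and on the server further.
Also check whether a security device is blocking the relevant ports.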
Could you please take another look? I have described it below. Thanks.
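Hw-Exec-Privilege=15 makes it obvious: the attribute you are sending down is the one for Huawei. The H3C attribute is: Exec-Privilege
H3C's vendor ID is 25506 and Huawei's is 2011 (the vendor option).
Also capture the packets and check whether the Attribute Value Pairs you receive are H3C or HUAWEI; these two are the key to the privilege assignment.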
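The check suggested in the last answer can be done directly on the reply hex dump from the debug output, without a separate capture. The following is an added example, not part of the original thread: it parses the reply bytes, unpacks each Vendor-Specific attribute (type 26) and lists those whose vendor ID is not the one the device expects. The function names are hypothetical; the vendor IDs are the ones given in the answer.

```python
H3C_VENDOR_ID = 25506     # vendor IDs as stated in the answer above
HUAWEI_VENDOR_ID = 2011
VENDOR_SPECIFIC = 26      # RADIUS attribute type that wraps VSAs (RFC 2865)

# Reply bytes copied from the second RADIUS/7/PACKET hex dump in the question.
REPLY_HEX = """
02 d6 00 66 06 de 54 08 00 af 47 84 19 89 a9 a3
6f 55 4c 1f 1a 0c 00 00 07 db 1d 06 00 00 00 0f
06 06 00 00 00 01 1a 0c 00 00 07 db 1d 06 00 00
00 0f 06 06 00 00 00 01 19 2e 75 48 06 a5 00 00
01 37 00 01 02 00 ac 14 fa 3a 00 00 00 00 00 00
00 00 00 00 00 00 01 d6 97 df 05 d9 5f 4e 00 00
00 00 00 00 07 96
"""

def parse_packet(hex_text):
    """Return (code, packet_id, [(attr_type, value_bytes), ...])."""
    data = bytes.fromhex(hex_text)
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, packet_id, length = data[0], data[1], int.from_bytes(data[2:4], "big")
    if not 20 <= length <= len(data):
        raise ValueError("length field does not match the captured bytes")
    attrs, pos = [], 20
    while pos < length:
        attr_len = data[pos + 1] if pos + 1 < length else 0
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        attrs.append((data[pos], data[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, packet_id, attrs

def vendor_attributes(attrs):
    """Return (vendor_id, sub_type, value_bytes) for every VSA sub-attribute."""
    out = []
    for attr_type, value in attrs:
        if attr_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor_id, sub = int.from_bytes(value[:4], "big"), value[4:]
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                out.append((vendor_id, sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
    return out

def foreign_vsas(hex_text, nas_vendor_id):
    """VSAs whose vendor ID differs from the one the NAS expects."""
    attrs = parse_packet(hex_text)[2]
    return [(v, t, int.from_bytes(val, "big"))
            for v, t, val in vendor_attributes(attrs) if v != nas_vendor_id]
```

Calling `foreign_vsas(REPLY_HEX, H3C_VENDOR_ID)` on this reply returns two entries with vendor 2011 and value 15, matching the two Hw-Exec-Privilege=15 lines in the decoded output; no attribute in the reply carries vendor ID 25506.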