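SSH + HWTACACS: local account login does not take effect after the AAA server becomes unreachable
Logging in to the device over SSH with an account defined on the AAA server succeeds. When loss of connectivity to the AAA server is simulated, logging in with the local account fails.
The relevant configuration is as follows: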
#
domain xxxx
 authentication login hwtacacs-scheme xxxx local
 authorization login hwtacacs-scheme xxxx local
 accounting login hwtacacs-scheme xxxx
 authorization command hwtacacs-scheme xxxx local
 accounting command hwtacacs-scheme xxxx
#
local-user h3c class manage
 password hash h3c
 service-type telnet ssh terminal
 authorization-attribute user-role level-3
 authorization-attribute user-role level-15
 authorization-attribute user-role network-operator
#
The debugging output is as follows:
SSH server error debugging switch is on
SSH server message debugging switch is on
SSH server event debugging switch is on
HWTACACS error debugging is on
HWTACACS event debugging is on
HWTACACS send-packet debugging is on
HWTACACS receive-packet debugging is on
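The output shows that after TACACS has sent 3 consecutive requests to the invalid AAA server IP addresses, a login failure is reported and the SSH login does not succeed.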
TACACS/7/EVENT: PAM_TACACS: Processing TACACS start-accounting.
TACACS/7/EVENT: PAM_TACACS: Dispatching request, Primitive: accounting-start.
TACACS/7/EVENT: PAM_TACACS: Creating request data, data type: START
TACACS/7/EVENT: PAM_TACACS: Session successfully created.
TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=1.1.1.1, server-port=49, VPN instance=--(public).
TACACS/7/EVENT: PAM_TACACS: Connecting to server...
TACACS/7/EVENT: PAM_TACACS: Connection timed out.
TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=2.2.2.2, server-port=49, VPN instance=--(public).
TACACS/7/EVENT: PAM_TACACS: Set status of server to block successfully. serverIP: 1.1.1.1, serverPort: 49.
TACACS/7/EVENT: PAM_TACACS: Connecting to server...
Login failed.
#
domain xxxx
 authentication login hwtacacs-scheme xxxx local
 authorization login hwtacacs-scheme xxxx local
 accounting login hwtacacs-scheme xxxx local    # adding local here resolved the problem
 authorization command hwtacacs-scheme xxxx local
 accounting command hwtacacs-scheme xxxx
#
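An added example, not part of the original case or H3C's own tooling: a small Python check that walks a domain block like the ones above and reports every login AAA line that names a remote scheme without `local` as a fallback, which is the condition this case traced the failure to. The two configuration strings are reconstructed from this page; the function name `missing_local_fallback` is hypothetical.

```python
import re

# Constructed sample input: the domain block from this page, before and after the fix.
BEFORE = """\
#
domain xxxx
 authentication login hwtacacs-scheme xxxx local
 authorization login hwtacacs-scheme xxxx local
 accounting login hwtacacs-scheme xxxx
 authorization command hwtacacs-scheme xxxx local
 accounting command hwtacacs-scheme xxxx
#
"""
AFTER = BEFORE.replace("accounting login hwtacacs-scheme xxxx",
                       "accounting login hwtacacs-scheme xxxx local")

# <phase> <service> <method list>, e.g. "accounting login hwtacacs-scheme xxxx local"
AAA_LINE = re.compile(r"^(authentication|authorization|accounting)\s+(\S+)\s+(.*)$")
REMOTE = {"hwtacacs-scheme", "radius-scheme"}


def missing_local_fallback(config, service="login"):
    """Return (domain, line) for each AAA line of `service` that uses a
    remote scheme but does not list `local` among its methods."""
    findings, domain = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":                      # '#' ends a configuration section
            domain = None
        elif line.startswith("domain ") and not line.startswith("domain default"):
            domain = line.split()[-1]
        elif domain:
            m = AAA_LINE.match(line)
            if not m or m.group(2) != service:
                continue
            methods = m.group(3).split()
            if any(tok in REMOTE for tok in methods) and "local" not in methods:
                findings.append((domain, line))
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, missing_local_fallback(cfg))
```

Passing `service="command"` applies the same check to the command authorization and accounting lines.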