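On site, SSH login is combined with HWTACACS. The domain is configured as follows. Because the authentication server is down, users can only be authenticated locally.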
domain name hwtac
authentication login hwtacacs-scheme hwtac local
authorization login hwtacacs-scheme hwtac local
accounting login hwtacacs-scheme hwtac
After a new user authenticates successfully, a login failure is displayed immediately.
*Apr 14 15:48:34:218 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Get default work dir: flash:, return:0
%Apr 14 15:48:34:218 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/6/SSHS_CONNECT: -MDC=1; SSH user h3cadmin01 (IP: 198.18.10.74) connected to the server successfully.
%Apr 14 15:48:40:176 2021 GDMM-XYEG-1F-S12508R-SM-E101 LOGIN/5/LOGIN_FAILED: -MDC=1; h3cadmin01 failed to log in from 198.18.10.74.
*Apr 14 15:48:43:177 2201 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Received SIGCHLD.
*Apr 14 15:48:43:177 2201 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Received SIGCHLD.
*Apr 14 15:48:43:177 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: request exit-status confirm 0
*Apr 14 15:48:43:177 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Prepare packet[98].
*Apr 14 15:48:43:177 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Prepare packet[98].
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT:- MDC=1; Release channel 0
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT:- MDC=1; Release channel 0
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: write failed
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: write failed
Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: send EOW
Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: send EOW
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Prepare packet[98].
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: output state changed (open -> closed)
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: output state changed (open -> closed)
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Close pty: pseudo-terminal-master(-1), pseudo-terminal-sub(24)
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Close pty: pseudo-terminal-master(-1), pseudo-terminal-sub(24)
Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: read failed
Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: read failed
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: input state changed (open -> drain)
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: send EOF
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: send EOF
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Prepare packet[96].
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Prepare packet[96].
Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: input state changed (drain -> closed)
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: send SSH2_MSG_CHANNEL_CLOSE
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: send SSH2_MSG_CHANNEL_CLOSE
*Apr 14 15:48:43:178 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Prepare packet[97].
*Apr 14 15:48:43:190 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/MESSAGE: -MDC=1; Received packet type 97.
*Apr 14 15:48:43:190 2021 GDMM-XYEG-1F-S12508R-SM-E101 SSHS/7/EVENT: -MDC=1; Channel 0: received SSH2_MSG_CHANNEL_CLOSE
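If an SSH user logs in without a domain name, the default domain hwtac is selected for authentication. Domain hwtac is configured so that authentication and authorization first try TACACS and fall back to local only when the TACACS server is unreachable, while accounting is configured to use TACACS only. In the live network the TACACS server is unreachable, so SSH user authentication and authorization ultimately go through local authentication and authorization, but accounting has only TACACS selected, so accounting fails. For login-type users, an accounting failure prevents the user from coming online. For lan-access and Portal users, an accounting failure does not affect the user coming online.
After the local parameter is added to accounting in the domain, authentication succeeds.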
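The mismatch in this case (authentication and authorization can fall back to local, accounting cannot) can be checked for across saved configurations. The following Python check is an added example, not H3C code and not part of the original case; the function names and the second domain `fixed` are constructed for illustration, and it inspects only explicit `login` method lines.

```python
import re

# Constructed sample: the domain from this case plus a corrected variant.
SAMPLE_CONFIG = """\
domain name hwtac
 authentication login hwtacacs-scheme hwtac local
 authorization login hwtacacs-scheme hwtac local
 accounting login hwtacacs-scheme hwtac
domain name fixed
 authentication login hwtacacs-scheme hwtac local
 authorization login hwtacacs-scheme hwtac local
 accounting login hwtacacs-scheme hwtac local
"""

DOMAIN_RE = re.compile(r"^domain\s+(?:name\s+)?(\S+)$")
METHOD_RE = re.compile(r"^(authentication|authorization|accounting)\s+login\s+(.+)$")

def parse_domains(config):
    """Return {domain: {aaa_phase: [method tokens]}} for login users."""
    domains, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = DOMAIN_RE.match(line)
        if m:
            current = domains.setdefault(m.group(1), {})
            continue
        m = METHOD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).split()
    return domains

def has_fallback(tokens):
    """True if local/none appears as a method, not as a scheme's name."""
    prev = ""
    for tok in tokens:
        if tok in ("local", "none") and not prev.endswith("-scheme"):
            return True
        prev = tok
    return False

def audit(config):
    """Domains where login authentication can fall back but accounting cannot."""
    findings = []
    for name, phases in parse_domains(config).items():
        acct = phases.get("accounting")
        if acct and has_fallback(phases.get("authentication", [])) and not has_fallback(acct):
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```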