M9000-S配置RBM之后设备管理用户认证备机登录闪退
- 0关注
- 0收藏 1562浏览
组网及说明
不涉及
问题描述
RBM的防火墙配置设备管理用户认证之后,主机登录正常,备机登录认证闪退。
Connecting to 10.45.209.202:22...
Connection established.
To escape to local shell, press Ctrl+Alt+].
WARNING! The remote SSH server rejected X11 forwarding request.
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner"s prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Connection closed.
Disconnected from remote host(9008-2) at 17:04:21.
Type `help" to learn how to use Xshell prompt.
[C:\~]$
过程分析
替换软件测试都是一样的故障现象,
查看两台设备配置,除了NAS ip不一样之外,其他的配置都是一样的,主机登录正常,debug调试授权通过之后正常报日志
*Oct 15 17:01:07:362 2021 ***************************** RADIUS/7/EVENT:
PAM_RADIUS: Processing RADIUS authorization.
*Oct 15 17:01:07:363 2021 ***************************** RADIUS/7/EVENT:
PAM_RADIUS: RADIUS Authorization successfully.
%Oct 15 17:01:07:364 2021 ***************************** SSHS/6/SSHS_LOG: Accepted password for ceshi from 10.45.209.122 port 60627.
%Oct 15 17:01:08:404 2021 ***************************** SSHS/6/SSHS_CONNECT: SSH user ceshi (IP: 10.45.209.122) connected to the server successfully.
%Oct 15 17:01:08:753 2021 ***************************** SHELL/5/SHELL_LOGIN: ceshi logged in from 10.45.209.122.
备机登录debug调试看到授权也是通过的,但是之后立马报logout
*Oct 15 16:20:35:532 2021 ***************************** RADIUS/7/EVENT:
PAM_RADIUS: RADIUS Authorization successfully.
%Oct 15 16:20:35:533 2021 ***************************** SSHS/6/SSHS_LOG: Accepted password for ceshi@acs from 10.45.209.122 port 50427.
%Oct 15 16:20:36:576 2021 ***************************** SSHS/6/SSHS_CONNECT: SSH user ceshi @acs (IP: 10.45.209.122) connected to the server successfully.
%Oct 15 16:20:36:882 2021 ***************************** SSHS/6/SSHS_LOG: User ceshi @acs logged out from 10.45.209.122 port 50427.
%Oct
15 16:20:36:882 2021
***************************** SSHS/6/SSHS_DISCONNECT: SSH
user
ceshi @acs (IP: 10.45.209.122) disconnected from the server.
以上流程查看授权过程貌似不存在问题,但是在此对比两台主机的配置,发现备机的本地认证通过之后没有默认角色,RBM没有将role default-role enable network-admin同步到备机。
解决方法
在备机上手动配置role default-role enable network-admin,问题解决。
该案例暂时没有网友评论
编辑评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作