SSH User Authentication using Radius 7250IXR-R6 & 7210MXP

Post Reply
fahadcsrock
Member
Posts: 1
Joined: 17 Jul 2018 23:24

SSH User Authentication using Radius 7250IXR-R6 & 7210MXP

Post by fahadcsrock » 17 Jul 2018 23:45

Hi Guys

I am new to AAA server/configuration. For lab testing i am configuring SSH user to be authenticated via AAA server (RADIUS). On Nokia router (Alcatel routers) i have configured following:

config system security
password
authentication-order radius local
exit
radius
authorization
server 1 address 192.168.0.2 secret testkey
exit

Where AAA server IP is reachable from the Router.

On Radius Server, i have configured the RADIUS client with Router's System IP and secret matched between both. User account "TGTest" has been created on users file. User file contents:

users.timetra

TGTest Password = "Test123"
Auth-Type = System,
Service-Type = Login-User,
Idle-Timeout = 600,
Timetra-Access = console,
Timetra-Home-Directory = cf3:,
Timetra-Restrict-To-Home = true
Timetra-Default-Action = permit-all,
Timetra-Cmd = "tools;telnet;configure system security",
Timetra-Action = deny


On Radius server i can see that user auth request hits the server, but it didnt authenticate.
For testing i am using Nokia AAA (10.2), where Auth VSA is already installed/defined.

The error i am getting is that "5648 11:43:40.930 TGTest login failed due to Password check failure"

I am sure its not due to Authorization, as even without Authorization knob, same issue persist.

Do someone has any working (any radius) user file for such basic testing. or any guidelines, where i am mistaken.

/Fahad

Post Reply

Return to “7210 SAS”