Hi all, im going to be mad, i cannot authenticate user on radius server with Pass-Through authentication on my SRX1400 cluster.
Below configuration and some outputs.
Thanks in advance... if someone can help me!
me@JUNRM01> show configuration access
profile PROFILO-RADIUS {
authentication-order radius;
radius-server {
192.168.16.108 {
secret "xxxxxxxxxxxxxx"; ## SECRET-DATA
source-address 192.168.2.112;
}
}
}
firewall-authentication {
pass-through {
default-profile PROFILO-RADIUS;
http {
banner {
login "PREGO INSERIRE CREDENZIALI DI ACCESSO";
success "LOGIN ESEGUITA";
fail "NOME UTENTE O PASSWORD ERRATI";
-------------------------------------------------------------------
POLICY to be matched
match {
source-address PC_MAT_MMARASSI_10.198.1.20;
destination-address any;
application [ junos-http junos-http-ext junos-https ];
source-identity any;
}
then {
permit {
firewall-authentication {
pass-through {
access-profile PROFILO-RADIUS;
}
}
}
count;
sh log radius
Dec 29 14:43:39.914243 ###################################################################
Dec 29 14:43:39.914279 ########################### AUTH REQ RCVD #########################
Dec 29 14:43:39.914314 ###################################################################
Dec 29 14:43:39.914392 Auth-FSM: Process Auth-Request for session-id:9261371437884501280
Dec 29 14:43:39.914446 Framework: Starting authentication
Dec 29 14:43:39.914489 authd_advance_module_for_aaa_request_msg: result:0
Dec 29 14:43:39.914544 Authd module start
Dec 29 14:43:39.914582 authd_radius_start_auth: Starting RADIUS authentication
Dec 29 14:43:39.914696 authd_radius_build_basic_auth_request: got params profile=PROFILO-RADIUS, username=mberardi
Dec 29 14:43:39.914743 radius-access-request: User-Name added: mberardi
Dec 29 14:43:39.914780 radius-access-request: User-Password added: ""
Dec 29 14:43:39.914852 Verify source address c0a80270 (192.168.2.112) in routing instance index=0
Dec 29 14:43:39.915223 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC
Dec 29 14:43:39.915293 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:2480 Could not find the requested authd attribute 10124
Dec 29 14:43:39.915346 UserAccess:mberardi session-id:9261371437884501280 state:start
Dec 29 14:43:39.992978 Radius result is CLIENT_REQ_STATUS_SUCCESS
Dec 29 14:43:39.993089 Framework - module(radius) return: FAILURE
Dec 29 14:43:39.993128 authd_advance_module_for_aaa_response_msg: result:3
Dec 29 14:43:39.993174 authd_auth_update_local_server_address ::Searching access profile PROFILO-RADIUS for local DNS Server
Dec 29 14:43:39.993236 Auth-FSM: reinterpretFsmEvent 4 to 5
Dec 29 14:43:39.993284 AuthFsm::current state=AuthStart(1) event=5 astEntry=0x208806c aaa msg=0x1f1106c
Dec 29 14:43:39.993324 Auth-FSM: Post the Auth-Response and clean up. session-id:9261371437884501280
Dec 29 14:43:39.993372 UserAccess:mberardi session-id:9261371437884501280 access-denied
Dec 29 14:43:39.993429 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:2480 Could not find the requested authd attribute 10124
Dec 29 14:43:39.993479 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:2480 Could not find the requested authd attribute 60
Dec 29 14:43:39.993574 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:2480 Could not find the requested authd attribute 62
Dec 29 14:43:39.993623 Framework: auth result is 2. Performing post-auth operations
Dec 29 14:43:39.993661 Framework: result is 2.
Dec 29 14:43:39.993703 authd_auth_send_answer: conn=2d3e000, reply-code=2 (FAIL), result-subopcode=2 (SESSION_ACTIVATE), sub-id=9261371437884501280, cookie=44, rply_len=3972, num_tlv_blocks=0
Dec 29 14:43:39.993790 Delete session:9261371437884501280
Dec 29 14:43:39.993842 Subscriber session-id:9261371437884501280 not found
Dec 29 14:43:39.993886 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:2480 Could not find the requested authd attribute 10124
Dec 29 14:43:39.993934 UserAccess:mberardi session-id:9261371437884501280 state:log-out
Dec 29 14:43:39.994029 Removing client snapshot
Dec 29 14:43:39.994197 authd_auth_aaa_msg_destroy
Dec 29 14:43:39.994253 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f1106c
Dec 29 14:43:39.994294 authd_write_conn: response is 0x2d3e05c, total len is 3972 and sent is 0
Dec 29 14:43:39.994370 authd_write_conn: response is 0x2d3e05c, wrote 3972 bytes
Dec 29 14:43:40.098675 serviceRadiusRequestQueues Serviced 1 RADIUS requests
Dec 29 14:43:40.098792 serviceRadiusRequestQueues Queue PROFILO-RADIUS has 0 requests, peak is 0
show network-access aaa radius-servers
Profile: PROFILO-RADIUS
Server address: 192.168.16.108
Authentication port: 1812
Accounting port: 1813
Status: UP