Junos OS

Hi,

Should be a nice quick one....

I have configured AAA authorisation for centralised administration of our Data Network and now I need to set a new root password.

Strange thing is, I log on as root to configure this and I don't have access to anything, not even configuration mode.

Is this due to AAA access requirement? If so, how do I get around this? Add root as a user to the group?

What is the authentication order configured? Are you able to execute "show cli authorization" command?

How weird is that....

root@THW-SRX-01> show cli authorization
Current user: 'remote' login: 'root' class 'read-only'
Permissions:
view -- Can view current values and statistics
Individual command authorization:
Allow regular expression: none
Deny regular expression: none
Allow configuration regular expression: none
Deny configuration regular expression: none

Root comes up as "read-only"....

Authentication order is "radius" and then "password".... I did not think this would affect root though....

I believe that you are using /etc/password for user information in your AAA server, which has root user. That is why AAA server is returning local user as "remote" for root user. You may have to fine-tune AAA config

Thanks Nellikka.

I will tweak the AAA. Just to confirm, I changed the authenticaiton order to [password radius] and it worked, so it is indeed something to do with the AAA.