Identity & Policy Control - SBR Carrier & SRC
Highlighted
Identity & Policy Control - SBR Carrier & SRC

[SBR EE] Can't login to SBR Administrator

‎10-10-2013 02:39 AM

Hi,

 

We are preparing to deploy a new SBR EE 6.1.7 in a RHEL VM. The simple installation & configuration ran smoothly up until I need to access the SBR Administrator, where we kept stumbled on "Error authenticating user" dialog box, while the log files showed "read access to URI '/' denied due to failed logon attempt" lines.

 

During the few first configurations I put the RHEL's root username as the initial admin user, and even the root has a valid password (confirmed by SSH), it can't be used to log in to the Administrator. I've tried to put other users during the configuration (with valid password) but it didn't work either. I've also tried to use the trial license alternatingly with the purchased license, but it made no difference.

 

I've done numerous SBR installations, both Carriers & Enterprise editions, but I don't recall stumbling to this kind of issue before. Did I miss something here?

-------------------------------------------------------
Adityo Ari Nugroho
JNCIP-ENT
Innovative Champion
the aim of my journey is the journey itself
8 REPLIES 8
Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

‎10-10-2013 03:04 AM


Hi Adityo Ari Nugroho ,

 

I understand your issue.

Please check the below KB Article which provide all steps that was guided you on phone. In case you are not able to open the KB due to your credential issues, please let me know.

 

http://kb.juniper.net/InfoCenter/indexpage=content&id=KB18191&actp=search&viewlocale=en_US&searchid=...

 

Also can you change the encryption method of local password to DES.


Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

Regards,
Kannan

Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

‎10-10-2013 03:05 AM

Hi Adityo Ari Nugroho ,

 

I understand your issue.

Please check the below KB Article, In case you are not able to open the KB due to your credential issues, please let me know.

http://kb.juniper.net/InfoCenter/indexpage=content&id=KB18191&actp=search&viewlocale=en_US&searchid=...

 

Also can you change the encryption method of local password to DES.


Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

 

Regards,
Kannan

Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

‎10-10-2013 03:23 AM

What's the Password encryption you are using ?

CAn you post the o/p of /etc/shadow

 

Thanks

Ashish Paul
Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

[ Edited ]
‎10-10-2013 11:41 PM

Hi Ashish,

 

From the shadow file, it looks like the RHEL is using SHA512 (code type 6), cmiiw.

[root@sbr radius]# cat /etc/shadow
root:$6$d85lYuB4$CFLuaJGq8VUnj1x9Xps1kY.EjjZXPmz0efVbzYQFrR9HK/p67Qup4ugsoCi4Y8e9dYDL39v3YiJ1cojXmdU5g.:15988:0:99999:7:::
bin:*:14992:0:99999:7:::
daemon:*:14992:0:99999:7:::
adm:*:14992:0:99999:7:::
lp:*:14992:0:99999:7:::
sync:*:14992:0:99999:7:::
shutdown:*:14992:0:99999:7:::
halt:*:14992:0:99999:7:::
mail:*:14992:0:99999:7:::
uucp:*:14992:0:99999:7:::
operator:*:14992:0:99999:7:::
games:*:14992:0:99999:7:::
gopher:*:14992:0:99999:7:::
ftp:*:14992:0:99999:7:::
nobody:*:14992:0:99999:7:::
dbus:!!:15559::::::
vcsa:!!:15559::::::
rpc:!!:15559:0:99999:7:::
abrt:!!:15559::::::
haldaemon:!!:15559::::::
ntp:!!:15559::::::
saslauth:!!:15559::::::
postfix:!!:15559::::::
rpcuser:!!:15559::::::
nfsnobody:!!:15559::::::
sshd:!!:15559::::::
tcpdump:!!:15559::::::
oprofile:!!:15559::::::

 

 What encryptions are supported by the SBR Administrator?

 

 

Kannan,

I stumbled upon an error page while trying to open the linked KB.

 

kb.error.jpg

 

 

-------------------------------------------------------
Adityo Ari Nugroho
JNCIP-ENT
Innovative Champion
the aim of my journey is the journey itself
Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

‎10-10-2013 11:46 PM

Hi Adityori,

Find the below information to resolve your issue,


In Steel-Belted Radius 5.0 or later it is possible to recreate the initial administrator account; so that you can regain access to the Admin GUI.


In Solaris / Linux:

 

Login as the root user and open a command shell.

Navigate to the Steel-Belted Radius directory:

The default SBR 5.x location is /opt/funk/radius.

The default SBR 6.x location is /opt/JNPRsbr/radius.

Issue the following commands:
echo <username> > initial_admin_account.dat

cat initial_admin_account.dat (ensure that username is in .dat file)

./sbrd restart

Note: The <username> should be the actual username of an admin account. You must remove the <> surrounding the name. There is a redirect '>' used in the echo or cat commands to send the output to the file.

The file should be read and then deleted during SBR's startup process.

Verify that the file has been removed.

Once the service has restarted, attempt to login to the Admin GUI with the same username provided in initial_admin_account.dat.

 

Hope this should resolve your issue.

 

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

 

Regards,
Kannan

Identity & Policy Control - SBR Carrier & SRC
Solution
Accepted by topic author adityoari
‎08-26-2015 01:27 AM

Re: [SBR EE] Can't login to SBR Administrator

‎10-10-2013 11:47 PM

 


Hi Adityori,

Also as mentioned in my first update, can you change the encryption method of local password to DES.


Regards,
Kannan

Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

‎10-17-2013 08:13 PM

Hi,

 

I've changed the encryption to DES using chpasswd command and it worked like a charm. I wonder if there is a more elegant method of changing the encryption without that command.

 

Thanks.

-------------------------------------------------------
Adityo Ari Nugroho
JNCIP-ENT
Innovative Champion
the aim of my journey is the journey itself
Identity & Policy Control - SBR Carrier & SRC

Re: [SBR EE] Can't login to SBR Administrator

‎10-17-2013 08:31 PM

Hi Adityoari,

 

I am gald that the suggestion provided resolved your issue

 

Regards,

Kannan