SRX Services Gateway

Confusion on SSH and PAM in SRX

‎03-04-2018 09:39 PM

Hi Folks,

 

I've spent a fair bit of yesterday and today playing around with this.  Have reached some confusing conclusions.  

Here is the snippet from the SRX CLI:

 

Using keyboard-interactive authentication.
pam_unix: pam_sm_authenticate: UNIX authentication refused

Access denied
Using keyboard-interactive authentication.

 

My box doesn't allow the newly created user, but the old user is accepted. How do I get rid of this issue? Please let me know if you need any further info.


Re: Confusion on SSH and PAM in SRX

‎03-13-2018 02:46 AM

Does anybody know?


Re: Confusion on SSH and PAM in SRX

‎03-15-2018 09:21 PM
Can you provide a little more detail? Please share the working and non-working user configuration if possible.

Anand

Re: Confusion on SSH and PAM in SRX

‎03-19-2018 08:48 AM

Hi Anand, 

 

Thanks for your reply,

 

Please find below:
[edit system login]
nwsupport@M1AS-FW01# show
user nwsupport {
    uid 2000;
    class super-user;
    authentication {
        encrypted-password "$1$LR05Bftw$CweZf0S5w5Q7n3QPuUIUD."; ## SECRET-DATA
    }
}
user vis {
    uid 2004;
    class super-user;
    authentication {
        encrypted-password "$1$0eW0.xrT$B8w4hANJJLk.1Yz34HrMy."; ## SECRET-DATA
    }
}


Re: Confusion on SSH and PAM in SRX

‎03-19-2018 09:43 PM

Can you please post your config and the output of "run show log messages" when both users are trying to log in?


HTH.

Re: Confusion on SSH and PAM in SRX

‎12-10-2018 02:02 AM

I found this exact error when I had managed to lock out a particular account locally on the SRX - nothing to do with RADIUS.
If, like me, you found this original post when searching for the PAM error quoted, then try issuing the following commands:
show system login lockout
clear system login lockout user <locked-out-user>