Unsolved
4 Posts
0
806
August 20th, 2020 12:00
N2048P radius broken for ssh auth
I have a few Dell N2048P switches. They were setup with Radius authentication and I had no issues with authenticating. A while back we had a malfunction of our radius infrastructure. In order to avoid the timeout to fallback to local authentication, I changed the aaa authentication login list to use the local list. Once we repaired the radius infrastructure, I changed it back to use the list for RADIUS, LOCAL. Mind you I did this for all of our switches, many more than just the two N2048Ps. All my switches can authenticate just fine against radius, except for one Dell Nh2048P. In looking at the radius server logs, no authentication attempt is ever made. This is also confirmed by "show radius statistics". Zero connection attempts are made. I can enable telnet, and enable auth for LOCAL and it works fine. When I try the same for ssh, local auth fails as well. Basically authentication fails by any method for ssh. Radius never logs a message. Any thoughts?
DELL-Josh Cr
Moderator
•
9.4K Posts
0
August 21st, 2020 09:00
Hi David,
Is the firmware up to date? Is it able to ping the radius server?
David-oca
4 Posts
0
August 21st, 2020 11:00
So I've come to believe that the radius configuration isn't the problem. It seems to be either the ssh server, or how it integrates authentication in general. Even when I configure login auth for local, I can't login with a local acct, but I can vie telnet.The symptom is that I'm prompted for auth, I enter the username, prompted for password, enter password, the get access denied. No auth failure is logged. I tried disabling ssh, reconfiguring the crypto and re-enabling ssh, but it made no difference.
It has an older version of code: 6.3.2.3. I'll need to figure out an outage window and schedule a reboot along with an upgrade.