Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

An administrator receives a login prompt to a firewall running NSRP, but can't log in

0

0

Article ID: KB11380 KB Last Updated: 25 Aug 2010Version: 4.0
Summary:
An administrator receives a login prompt to a firewall in HA, but can't log in, what to do?
Symptoms:
Symptoms:
  • An administrator receives a login prompt to a firewall in HA, but can't log in
Solution:

step1  Are you using the root account, namely "netscreen" by default, of the device?

  • Yes -  You have either wrong root name or wrong password. Consult the following KBs.
            See KB5046 - I've lost the password for my Juniper Firewall, how do I Reset the Configuration or Reset a Device to Factory Defaults?
            See KB4899 - How to recover lost password with Asset Recovery on Active/Passive firewalls
  • No - Contact the root admin to seek help. For root admin, continue with Step 2

Step2  An admin user can be configured to authenticate either locally or remotely with an external server (RADIUS, SecurID, LDAP). To troubleshoot authentication issues, review the debug auth admin  output using the following commands:

undebug all           (to stop all debugs)
clear db              (to clear debug buffer)
debug auth admin      (to start auth debugging)
<have admin attempt to login to firewall>
undebug all           (to stop debugs writing to circular buffer)
get db str            (to review the debug)


note:   To manage the backup firewall via external authentication, a Manage-ip address must be configured. It is strongly recommended to configure a unique Manage-ip address for the master and backup, and then include those addresses in the Auth Server ‘client’ file.  For more information on configuring a Manage-ip address, refer to KB4059.

Note: Technical Documentation

Admin configuration is also documented in the following technical documentation:

Concepts & Examples ScreenOS Reference Guide -- Volume 3: Administration
Refer to this Guide for the Levels of Administration, Defining Admin Users, etc.

Concepts & Examples ScreenOS Reference Guide -- Volume 9: User Authentication
Refer to this Guide for External Authentication
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search