Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Junos Space 14.1R2.9 has issue with some RADIUS/TACACS authentication configuration

0

0

Article ID: TSB16642 TECHNICAL_BULLETINS Last Updated: 26 Feb 2015Version: 4.0
Alert Type:
PSN - Product Support Notification
Product Affected:
Junos Space
Alert Description:
Customers are not able to login to Junos Space Network Management Platform after upgrading to 14.1R2.9 if they are using RADIUS/TACACS Authentication server to authenticate only.

Solution:
With Space 14.1R1.9 and earlier releases, authentication servers could be configured for authentication only. Authorization was not mandatory as it was done locally within Space.  
With Junos Space 14.1R2.9 authentication servers must also send authorization.   If authorization is not sent from the auth servers, the user cannot login to Space and is denied access.

Two workarounds are available.
  1. Create and associate a profile for users on the authentication server.  Once a profile is created and associated, services on the authentication server may need to be restarted.  
    Create a matching remote profile in Space.
    Configuration document:
     https://www.juniper.net/techpubs/en_US/junos-space14.1/platform/topics/task/configuration/platform-radius-server-configuring.html
  2. Use local authentication only



Juniper has created a patch to restore Junos Space to previous versions functionality.
Please download the patch here.
14.1R2.9 Auth patch MD5SUM: 2cabcb9040fb1605a7b8f3646aa5de93

Please call JTAC to assist installing the patch.
Instructions to install patch:  

  1. scp the patch to the Junos Space VIP node's /home/admin directory   (the VIP node has eth0:0)
  2. Login to the Space VIP node CLI, enter the "(Debug) run shell" mode and run the following commands on the VIP node:
  • cd /home/admin
  • tar xzf 14.1R2-hotpatch-v3.1.tgz
  • cd /home/admin/14.1R2-hotpatch-v3.1
  • sh patchme.sh

The patch stops the services on all nodes in the fabric, installs the patch on all nodes and restarts the services on all nodes.
Once the services are running, you will be able to login to the Junos Space webUI.

Implementation:
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search