Authentication against an ACS server on Windows
2012-08-29 09:30
Router configuration:
[Diagram]
telnet:
[Router]display version
Copyright Notice:
All rights reserved (Aug 15 2006).
Without the owner's prior written consent, no decompiling
or reverse-engineering shall be allowed.
Huawei Versatile Routing Platform Software
VRP (R) software, Version 1.74 Release 0119P02
Copyright(c) 2004-2006 by Huawei Technologies Co., Ltd.
Quidway R2621 uptime is 0 day 0 hour 32 minutes 45 seconds
System returned to ROM by power-on.
Quidway R2621 with 1 MPC 8240 Processor
Router serial number is 8040C5ED0A394C6C
32M bytes SDRAM
8192K bytes Flash Memory
0K bytes NVRAM
Config Register points to FLASH
Hardware Version is MTR 1.1
CPLD Version is CPLD 3.0
Bootrom Version is 7.08
[AUX ] AUX Hardware Version is 1.0, Driver Version is 1.0
[LAN ] 2FE Hardware Version is 2.0, Driver Version is 2.0
[WAN ] SAB Hardware Version is 1.0, Driver Version is 1.0
[Slot 0] 16AS Hardware Version is 2.1, Driver Version is 1.0
aaa enable is already on by default.
[Router]aaa authentication-scheme ?
login Specify login authentication scheme list
ppp Specify PPP authentication scheme list
[Router]aaa authentication-scheme login ?
default Default scheme list name
STRING<1-20> Named scheme list name
[Router]aaa authentication-scheme login default ?
local Use local database
none Succeed without authentication
radius Use radius server
template Use hwtacacs server template
[Router]aaa authentication-scheme login default radius
[Router]radius server ?
STRING<1-20> Host name of the RADIUS server
X.X.X.X IP address of the RADIUS server
[Router]radius server 192.168.101.22
[Router]radius shared-key ?
STRING<1-16> Key used to authentication and encryption
[Router]radius shared-key 123456
[Router]int e1
[Router-Ethernet1]ip add 192.168.101.11 24
[Router-Ethernet1]ping 192.168.101.22
PING 192.168.101.22: 56 data bytes, press CTRL_C to break
Reply from 192.168.101.22: bytes=56 Sequence=0 ttl=64 time = 2 ms
Reply from 192.168.101.22: bytes=56 Sequence=1 ttl=64 time = 1 ms
Reply from 192.168.101.22: bytes=56 Sequence=2 ttl=64 time = 2 ms
Reply from 192.168.101.22: bytes=56 Sequence=3 ttl=64 time = 1 ms
Reply from 192.168.101.22: bytes=56 Sequence=4 ttl=64 time = 1 ms
Client test:
Problem:
Because the client has not been added on the ACS server
After a successful login the level is 0
Switch to Chinese mode!
[Router]lang
Current Language : ENGLISH
Will you switch language mode ?(Y/N)y
You have changed the language mode
[Router]?
aaa 指定 AAA(认证,授权和记费)配置
aaa-enable 使能AAA(认证,授权和计费)
access-server 指定接入服务器监听端口信息
access-tty 指定接入客户端配置信息
Viewing a few individual entries
Firewall configuration:
[Diagram]
telnet:
Username:gjp@gjp2
Password:
<H3C>?
User view commands:
boot Upgrade bootrom
cd Change current directory
clock Specify the system clock
copy Copy from one file to another
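debugging Enable system debugging functions
The level is 3, the administrator level (which shows that the H3C private attribute imported on the ACS has been applied).
Display the current configuration for telnet:
[H3C]dis cu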
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
radius scheme gjp
server-type extended
primary authentication 192.168.101.22
key authentication 123456
user-name-format without-domain
#
domain gjp2
scheme radius-scheme gjp
access-limit enable 10
accounting optional
domain system
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.101.12 255.255.255.0
firewall zone local
set priority 100
#
firewall zone trust (default)
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
SSH:
[H3C]rsa local-key-pair ?
create Create new local key pairs
destroy Destroy the local key pairs
[H3C]rsa local-key-pair create
The key name will be: H3C_Host
% RSA keys defined for F4_Host already exist.
Confirm to replace them? [Y/N]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
........................................................................................++++++
...............................................++++++
............................++++++++
...++++++++
.................
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]protocol inbound ?
all All protocol
ssh SSH protocol
telnet Telnet protocol
[H3C-ui-vty0-4]protocol inbound all
[H3C-ui-vty0-4]authentication-mode ?
none Login without checking
password Use terminal interface password
scheme Authentication use AAA authorization authentication table
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]quit
[H3C]ssh authentication-type default ?
all All authentication
password Password authentication
password-publickey Password and Publickey authentication
rsa RSA authentication
[H3C]ssh authentication-type default all
[H3C]radius scheme gjp
[H3C-radius-gjp]server-type ?
extended Server based on RADIUS extensions
standard Server based on RFC protocol(s)
SSH logins all work, only with fairly low privileges! (Provided that the server type is standard.)
Select group 1:
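An added example, not part of the original post: a Python check that flags the risky settings visible in the firewall configuration above (the six-digit RADIUS key, the default-permit packet filter, FTP, Telnet on the VTY lines, optional accounting). The sample text is constructed from the page's `dis cu` output plus the `protocol inbound all` line entered in the SSH session; the `audit` function and the 16-character key threshold are assumptions of this example.

```python
import re

# Constructed sample: lines from the `dis cu` output on this page, plus the
# `protocol inbound all` line that the later SSH session adds to the VTY lines.
SAMPLE = """\
firewall packet-filter default permit
#
radius scheme gjp
server-type extended
primary authentication 192.168.101.22
key authentication 123456
#
domain gjp2
scheme radius-scheme gjp
accounting optional
#
FTP server enable
#
user-interface vty 0 4
authentication-mode scheme
protocol inbound all
"""

MIN_KEY_LEN = 16  # assumption: a local policy threshold, not a vendor limit
SECTION = re.compile(r"(radius scheme|domain|user-interface|interface|firewall zone) ")

def audit(config):
    """Return (section, finding) pairs for risky lines; never echoes the key."""
    findings, section = [], "global"
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "#"):            # '#' closes the current section
            section = "global"
        elif SECTION.match(line):        # the dump is flattened, so track
            section = line               # sections by their header keyword
        elif section.startswith("radius scheme") and line.startswith("key authentication "):
            key = line.split(None, 2)[2]
            if len(key) < MIN_KEY_LEN or key.isdigit():
                findings.append((section, "weak RADIUS shared key"))
        elif line == "firewall packet-filter default permit":
            findings.append((section, "packet filter defaults to permit"))
        elif line.lower() == "ftp server enable":
            findings.append((section, "cleartext FTP service enabled"))
        elif section.startswith("user-interface vty") and line in (
                "protocol inbound all", "protocol inbound telnet"):
            findings.append((section, "Telnet accepted on VTY (cleartext login)"))
        elif section.startswith("domain") and line == "accounting optional":
            findings.append((section, "login allowed even if accounting fails"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```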