HP-UX AAA Server A.07.01 Administrator's Guide
Table 28-6 EAP Problems
TroubleshootingProblem
Invalid EAP type '<invalid>' specified for the user '<user
name>' for realm '<realm name>'. Verify the EAP type
Log MessageInvalid EAP type
specified
configured for the realm 'example.com' in the appropriate
authfile in '/etc/opt/aaa'. Or, verify the EAP configuration
in the Local Realms screen in Server Manager.
The EAP type specified in the request does not match the
EAP type configured for the realm.
Cause
Configure the supplicant to use the EAP type specified
for the affected realm.
Solution
You can access the realm configuration using the Local
Realm screen in the Server Manager administration utility.
See Chapter 8, Configuring Realms on page 97 for more
information.
ProcessHandshake TLS: AAA Server generated TLS
alert:'unknown_ca'. The certificate was not accepted. The
Log MessageUnable to authenticate
CA certificate could not be located or matched with a
known trusted CA.
The CA certificate for the client’s certificate is not found
in the HP-UX AAA Server.
Cause
Configure the client to use a certificate whose CA is
specified on the HP-UX AAA Server.
Solution
Or
1. Navigate to the Certificates screen under Server
Properties in the Server Manager administration utility.
2. Specify a fully qualified filename in the .pem format.
This file must contain one of more CA certificates used
to authenticate client certificates in the Client Certificate
Authority Path field.
If the path exists, ensure that it contains the client’s CA
certificate.
Save the configuration to the HP-UX AAA Server and
restart it.
ProcessHandshake TLS: AAA Server generated TLS alert:
'certificate_expired'. Verify the validity of the user and
CA certificates.
Log Message
The client or supplicant certificate has expired.Cause
Advise the user to acquire a new certificate from the
administrator or ISP, and retry authentication.
Solution
Troubleshooting the HP-UX AAA Server 361