HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

481

482

483

484

485

486

487

488

489

490

3. Check the User Profile Storage selection in the Modify Realms screen.This

determines the datastore used for the user profile. If an external datastore (for

example, SQL Access) is selected, check the datastore access parameters specified

for the datastore. If Database via SQL Access is selected, the database access

parameters are specified in the DBID structure of the /etc/opt/aaa/

sqlaccess.config file.

4. Ensure that the external datastore is responsive.

Identifying Proxy Server Failures

If your AAA environment uses proxy HP-UX AAA Servers, a failure in one or more

proxies can cause the HP-UX AAA Server to be unresponsive, but not record an error

to the logfile.

If proxy HP-UX AAA Servers are used, verify the proxy configuration for each proxy

starting with the proxy server closest to the RADIUS client/supplicant. For each proxy

server, use the Add/Modify Proxy screen of the Server Manager and verify the following.

• Shared Secret: The shared secret on the proxy server must match that of the remote

server to which the requests are forwarded.

• Realms to Forward: Ensure that the appropriate realms are selected.

• Authentication Relay Port: Ensure that the correct UDP port that is used to relay

authentication requests (configured in /etc/services) is specified. The default

authentication relay port is 1812.

• Accounting Relay Port: Ensure that the correct UDP port that is used to relay

accounting requests (configured in /etc/services) is specified. The default

accounting relay port is 1813.

For more information on proxy server configuration, see Configuring Proxies on page

119. If a proxy server is offline or does not forward the requests, see “Troubleshooting

Flowchart” (page 460) to troubleshoot it.

Identifying Unrecorded DHCP Failures

Unrecorded DHCP failures can occur because of a shortage of addresses in the

configured address pool, or if the DHCP server sends a malformed packet to the HP-UX

AAA Server.

To determine if an unrecorded DHCP failure caused the problem, complete the following

steps:

1. Access the datastore used for user profile storage as described in “Identifying

Unrecorded External Datastore Failures” (page 483).

2. If the DHCP address pool is configured, ensure that there are sufficient addresses

in the pool.

3. Ensure that the DHCP server is sending valid packets to the HP-UX AAA Server.

484 Troubleshooting Procedures