HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

481

482

483

484

485

486

487

488

489

490

Troubleshooting Access-Rejects from the HP-UX AAA Server

The HP-UX AAA Server sends an Access-Reject message to the RADIUS client if

authentication fails. Authentication failures occur because of incorrect configuration

on the HP-UX AAA Server or the RADIUS client, or due to incorrect credentials passed

to the HP-UX AAA Server.

Use the following sections to troubleshoot problems related to authentication failures.

• “Common Authentication Failure Problems” (page 485): This section lists the

common problems related to authentication failures and the necessary corrective

actions.

• “EAP Problems” (page 493): This section lists EAP implementation-specific problems

related to authentication failures.

Common Authentication Failure Problems

Compare the error messages recorded in the logfile to those in Table 30-5 and perform

the corresponding corrective actions.

Table 30-5 Common Authentication Failure Problems

TroubleshootingProblem

Authentication failed. Unsuccessful password comparison for

user '<user name>' in realm '<realm name>'. Verify password

Log MessageUnable to

authenticate

in request and user profile. Verify shared secret match between

client '<client>' and client configuration in '/etc/opt/aaa/clients'

or Access Devices screen in Server Manager

This error occurs because of any of the following reasons:Cause

• The shared secret configured for the RADIUS client and the

HP-UX AAA Server do not match.

• The password provided by the user does not match the

password configured in the user profile datastore.

Solution 1. Ensure that the shared secret configured on the RADIUS client

matches the one specified in the Access Devices screen of the

Server Manager.

2. Ensure that the password supplied by the user is correct.

session_allowed: Access rejected. Active sessions for user is at

maximum configured (Simultaneous-Use) limit '<limit>

Log MessageUnable to

authenticate

The HP-UX AAA Server received an Access-Request from a user

whose number of active sessions equal the configured

simultaneous session limit.

Cause

Or,

The NAS went offline abruptly and resulted in a stale session in

the HP-UX AAA Server, for the affected user.

Troubleshooting the HP-UX AAA Server 485