HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

341

342

343

344

345

346

347

348

349

350

The HP-UX AAA Server is administered through the Server Manager. Here, problems with the

browser, Tomcat, and RMI object, or incorrect credentials by the administrator can lead to problems

while launching or using the Server Manager.

Probable Causes for Failure

This section discusses the problems, limitations, and considerations before troubleshooting the AAA

environment.

Configuration Problems

The RADIUS client, supplicant, or the HP-UX AAA Server is configured incorrectly and lead to

problems.

Some configuration related problems can result in the HP-UX AAA Server silently discarding the

message without any reply being sent to the RADIUS client. For example, if the authentication

queue is full, subsequent authentication requests are dropped.

External Service Problems

The HP-UX AAA Server interoperates with external services in the environment, such as database

servers, LDAP, DHCP, and SNMP. The following problems can be caused by external services:

• An external service failure can result in the HP-UX AAA Server not sending a reply back to

the RADIUS client.

• The RADIUS message packet contains information about the realm. The realm configuration

specifies the external datastore used for user profile lookup. This information can be used to

identify the external service accessed to process the RADIUS request.

Some external service failures do not result in the HP-UX AAA Server recording a message in

the server logfile. For example, if the HP-UX AAA Server times out on waiting on a busy

database server, it does not record an error in the logfile. No reply is sent to the RADIUS

client.

Protocol Limitations

The HP-UX AAA Server communicates with the RADIUS client using the RADIUS protocol. The

RADIUS protocol has the following limitations:

• RADIUS packets are transmitted using the connectionless UDP transport protocol. Therefore,

a RADIUS request that does not reach the recipient needs to be retransmitted by the sender.

Usually, the sender retransmits the request if it times out while waiting for the acknowledgement.

• The RADIUS protocol specification allows the HP-UX AAA Server to send Access-Accept and

Access-Reject messages only, in response to an Access-Request. The HP-UX AAA Server cannot

send status information about a request to the RADIUS client.

Messages that do not contain correct information in accordance with the RADIUS protocol

specifications will be silently discarded by the HP-UX AAA Server without any reply or status being

sent to the client

Supplicants connecting to the HP-UX AAA Server over a WLAN can use EAP protocols. The same

EAP protocols must be configured at the supplicant, access point, and HP-UX AAA Server EAP

realm configuration.

344 Troubleshooting Overview