HP-UX AAA Server A.08.02 Administrator's Guide
Table 99 Common Problems with HP-UX AAA Server Startup (continued)
Log Message:
    dict_init: Invalid value <invalid> in column <column no> at line <line no> in /etc/opt/aaa/dictionary. Specify <correct value range>.
Cause:
    The /etc/opt/aaa/dictionary file contains an invalid value at line <line no>.
Solution:
    Edit the /etc/opt/aaa/dictionary file and specify a valid value as specified by <correct value range>.

Problem: HP-UX AAA Server fails to start
Log Message:
    read_auth: Missing AATV for entry on line 15 of /etc/opt/aaa/authfile
    doconfig: iaaa_config_files() failed.
Cause:
    Authfile may have configured realm entries for Oracle or SecurID authentication.
Solution:
    Starting with HP-UX AAA Server A.08.00 release, Oracle and SecurID AATVs are obsolete. The corresponding entries must be removed from the /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile.
    HP recommends that you use the SQL Access AATV instead of Oracle AATV, EAP-PEAP instead of EAP-LEAP, and OATH standard-based authentication instead of SecurID authentication. For information on how to configure SQL database based authentication, see “SQL Access” (page 247). For information on how to configure OTP or Two-factor authentication, see “OATH Standards-Based OTP Authentication” (page 127).

Problem: HP-UX AAA Server logs an error message while starting
Log Message:
    RealmEAP::configure: Unknown AATV 'CiscoLEAP' in '/etc/opt/aaa/EAP.authfile' at '12' for EAP-Type. Specify a valid AATV for EAP-TYPE
    RealmEAP::readauth: AATV for EAP-Type is missing or not valid for realm 'oracle.test.test' on line 13 in /etc/opt/aaa/EAP.authfile
    read_auth: /etc/opt/aaa/EAP.authfile ( 3 entries) read to memory, 1 error
Cause:
    Authfile has configured realm entries for EAP-LEAP authentication.
Solution:
    Starting with HP-UX AAA Server A.08.00 release, EAP-LEAP AATV is obsolete. The corresponding entries must be removed from the /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile.
    HP recommends that you use EAP-PEAP instead of EAP-LEAP. For information on EAP-PEAP, see “Securing LAN Access With EAP” (page 112).

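The authfile messages quoted in the table carry the file and line number of the offending entry. As an added example (not part of the HP guide), the shell function below pulls those out of a startup log as file:line work items; the function names and the action wording are assumptions, and the sample input is constructed from the messages quoted in the table.

```shell
#!/bin/sh
# Added example, not from the HP guide: turn the authfile startup errors
# listed in Table 99 into "file:line: action" items. Reads log text on stdin.
triage_startup_log() {
    sed -n \
        -e 's|.*read_auth: Missing AATV for entry on line \([0-9][0-9]*\) of \(/[^ ]*\).*|\2:\1: missing AATV; check for an obsolete Oracle or SecurID realm entry and remove it|p' \
        -e "s|.*RealmEAP::configure: Unknown AATV '\([^']*\)' in '\([^']*\)' at '\([0-9][0-9]*\)'.*|\2:\3: unknown AATV \1; remove the obsolete entry|p" \
        -e "s|.*RealmEAP::readauth: .* for realm '\([^']*\)' on line \([0-9][0-9]*\) in \(/[^ ]*\).*|\3:\2: realm \1 has no valid EAP-Type AATV|p" |
    LC_ALL=C sort -u    # fixed collation so the ordering is the same everywhere
}

# Constructed sample: the messages quoted in the table, one per line.
# Lines that name no authfile entry (doconfig, the read_auth summary) are
# expected to be ignored.
sample_log() {
    cat <<'EOF'
read_auth: Missing AATV for entry on line 15 of /etc/opt/aaa/authfile
doconfig: iaaa_config_files() failed.
RealmEAP::configure: Unknown AATV 'CiscoLEAP' in '/etc/opt/aaa/EAP.authfile' at '12' for EAP-Type. Specify a valid AATV for EAP-TYPE
RealmEAP::readauth: AATV for EAP-Type is missing or not valid for realm 'oracle.test.test' on line 13 in /etc/opt/aaa/EAP.authfile
read_auth: /etc/opt/aaa/EAP.authfile ( 3 entries) read to memory, 1 error
EOF
}

sample_log | triage_startup_log
```

To use it on a real server, pipe the server's log file into triage_startup_log instead of sample_log.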
Troubleshooting Bind Errors at HP-UX AAA Server Startup
This section describes how to troubleshoot problems when you cannot start the HP-UX AAA Server
because of bind errors.
If you are unable to start the HP-UX AAA Server, complete the following steps:
1. Check if the radiusd daemon is already running by entering the following command:
# ps -ef |grep radiusd
If radiusd is running, the radiusd process is displayed in the output.
If the radiusd daemon is already running, you can stop and start the HP-UX AAA Server
from the Server Manager Administration utility or the command line. For more information,
see “Starting HP-UX AAA Servers Using Server Manager” (page 50) or “Starting HP-UX AAA
Servers From the Command Line” (page 52). You can also continue with the HP-UX AAA
Server instance that is already running.
2. Enter the following command to verify that the authentication and accounting ports specified
for the RADIUS service in /etc/services (entries for radius and radacct respectively)
are in the LISTEN state and used by the correct process. For example: