HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

361

362

363

364

365

366

367

368

369

370

Table 101 External Service Failure Problems (continued)

TroubleshootingProblem

mschap2Authenticate: user ‘<user name>’ has

unknown hash ‘crypt’

Log MessageTwo-factor

authentication using

MS-CHAP v2 fails

mschap2Authenticate: user ‘<user name>’ has

when the encrypted

unknown hash ‘sha’ or Mschap2Authenticate: user

user password is

‘<user name>’ has unknown hash ‘SHA’

stored in LDAP and the

token information is

mschap2Authenticate: user ‘<user name>’ has

stored in SQL

database.

unknown hash ‘ssha’ or Mschap2Authenticate: user

‘<user name>’ has unknown hash ‘SSHA’

mschap2Authenticate: user ‘<user name>’ has

unknown hash ‘md5’

Two-factor authentication using MS-CHAP v2 supports only clear text

user password stored in LDAP.

Cause

If the user encrypted password is stored in the SQL Database, SQL

Access conversion function is required to convert the respective

Solution

encrypted password to clear text user password. MS-CHAP v2 supports

only clear text user password stored in LDAP.

iaaa.SNMP: AgentX master agent failed to respond to ping. Attempting

to re-register.

Log MessageRequest dropped for

around 18 seconds.

This problem may occur if the SNMP master agent is not responding.Cause

Ensure that the SNMP master agent is running and is responding.Solution

For more information on SNMP properties, see “The iaaa.SNMP

Property” (page 383).

Identifying Unrecorded External Datastore Failures

If your AAA environment uses one or more external datastores, a failure in a datastore can cause

the HP-UX AAA Server to be unresponsive, but not record an error to the logfile.

To determine if an unrecorded external datastore failure is causing the problem, complete the

following steps:

1. Examine the Access-Request for the User-Name attribute value to determine the realm.

2. Select the realm from the Local Realms screen of the Server Manager,

3. Check the User Profile Storage selection in the Modify Realms screen.This determines the

datastore used for the user profile. If an external datastore (for example, SQL Access) is

selected, check the datastore access parameters specified for the datastore. If Database via

SQL Access is selected, the database access parameters are specified in the DBID structure

of the /etc/opt/aaa/sqlaccess.config file.

4. Ensure that the external datastore is responsive.

Identifying Proxy Server Failures

If your AAA environment uses proxy HP-UX AAA Servers, a failure in one or more proxies can

cause the HP-UX AAA Server to be unresponsive, but not record an error to the logfile.

If proxy HP-UX AAA Servers are used, verify the proxy configuration for each proxy starting with

the proxy server closest to the RADIUS client/supplicant. For each proxy server, use the Add/Modify

Proxy screen of the Server Manager and verify the following.

• Shared Secret: The shared secret on the proxy server must match that of the remote server to

which the requests are forwarded.

• Realms to Forward: Ensure that the appropriate realms are selected.

362 Troubleshooting Procedures