HP-UX AAA Server A.08.02 Administrator's Guide
• Authentication Relay Port: Ensure that the correct UDP port that is used to relay authentication
requests (configured in /etc/services) is specified. The default authentication relay port
is 1812.
• Accounting Relay Port: Ensure that the correct UDP port that is used to relay accounting requests
(configured in /etc/services) is specified. The default accounting relay port is 1813.
For more information on proxy server configuration, see Configuring Proxies on page 119. If a
proxy server is offline or does not forward the requests, see “Troubleshooting Flowchart” (page 346)
to troubleshoot it.
Identifying Unrecorded DHCP Failures
Unrecorded DHCP failures can occur because of a shortage of addresses in the configured address
pool, or because the DHCP server sends a malformed packet to the HP-UX AAA Server.
To determine if an unrecorded DHCP failure caused the problem, complete the following steps:
1. Access the datastore used for user profile storage as described in “Identifying Unrecorded
External Datastore Failures” (page 362).
2. If the DHCP address pool is configured, ensure that there are sufficient addresses in the pool.
3. Ensure that the DHCP server is sending valid packets to the HP-UX AAA Server.
Troubleshooting Access-Rejects from the HP-UX AAA Server
The HP-UX AAA Server sends an Access-Reject message to the RADIUS client if authentication fails.
Authentication failures occur because of incorrect configuration on the HP-UX AAA Server or the
RADIUS client, or due to incorrect credentials passed to the HP-UX AAA Server.
Use the following sections to troubleshoot problems related to authentication failures.
• “Common Authentication Failure Problems” (page 363): This section lists the common problems
related to authentication failures and the necessary corrective actions.
• “EAP Problems” (page 368): This section lists EAP implementation-specific problems related to
authentication failures.
Common Authentication Failure Problems
Compare the error messages recorded in the logfile to those in Table 102 and perform the
corresponding corrective actions.
Table 102 Common Authentication Failure Problems

Problem: Unable to authenticate
Troubleshooting:
Log Message: Authentication failed. Unsuccessful password comparison for user '<user
name>' in realm '<realm name>'. Verify password in request and user
profile. Verify shared secret match between client '<client>' and client
configuration in '/etc/opt/aaa/clients' or Access Devices screen in Server
Manager
Cause: This error occurs because of any of the following reasons:
• The shared secret configured for the RADIUS client and the HP-UX AAA
Server do not match.
• The password provided by the user does not match the password
configured in the user profile datastore.
Solution:
1. Ensure that the shared secret configured on the RADIUS client matches
the one specified in the Access Devices screen of the Server Manager.
2. Ensure that the password supplied by the user is correct.

Problem: Unable to authenticate
Troubleshooting:
Log Message: session_allowed: Access rejected. Active sessions for user is at maximum
configured (Simultaneous-Use) limit '<limit>
Troubleshooting the HP-UX AAA Server 363
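
The first "Unable to authenticate" entry in Table 102 gives two causes for one log message. The following added example (not taken from this guide or from HP-UX AAA Server code) shows why: assuming the request used PAP, the User-Password attribute is hidden with the shared secret as described in RFC 2865 section 5.2, so a mismatched secret makes the server recover garbage that fails the password comparison exactly as a wrong password does. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def _keystream(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865 section 5.2: b(i) = MD5(shared secret + previous 16-byte block)
    return hashlib.md5(secret + prev).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS client side: build the User-Password attribute value."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], _keystream(secret, prev))
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, _keystream(secret, prev))
        prev = block
    return clear.rstrip(b"\x00")

def server_accepts(hidden, authenticator, server_secret, profile_password) -> bool:
    # The server only sees "comparison failed"; it cannot tell which input was wrong.
    candidate = recover_password(hidden, server_secret, authenticator)
    return hmac.compare_digest(candidate, profile_password)

# Constructed sample values (a real Request Authenticator is random per request).
RA = bytes(range(16))
PROFILE_PW = b"correct-horse-battery"  # 21 bytes, spans two 16-byte blocks

def demo():
    good = hide_password(PROFILE_PW, b"secret-A", RA)
    typo = hide_password(b"correct-horse-batterx", b"secret-A", RA)
    return (server_accepts(good, RA, b"secret-A", PROFILE_PW),  # everything matches
            server_accepts(typo, RA, b"secret-A", PROFILE_PW),  # wrong user password
            server_accepts(good, RA, b"secret-B", PROFILE_PW))  # shared secret mismatch

if __name__ == "__main__":
    print(demo())
```

Both failing cases return the same result to the server, which is why the corrective actions check the shared secret on the client and server as well as the user's password.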