HP-UX AAA Server A.08.02 Administrator's Guide
Table 103 EAP Problems (continued)
Problem | Troubleshooting
Problem: Unable to authenticate
Log Message: ProcessHandshake TLS: AAA Server generated TLS alert: 'certificate_revoked'. The certificates used for validation have been revoked by the CA
Cause: The client or supplicant certificate has been revoked.
Solution: Advise the user to acquire a new certificate from the administrator or ISP, and retry authentication.

Log Message: VerifyIdentity: Field <Field> in the user certificate did not match the User-Id '<user-Id>' in the request.
Cause: The User Name configured in the certificate does not match the User Name specified in the request.
Solution: Verify the Client User Name Attribute configured in the Certificates screen under Server Properties in the Server Manager.
This value identifies the attribute in the digital certificate used to retrieve the user name. The user name in the user certificate attribute value must match a valid EAP-TLS user profile.
For example, if the Client User Name Attribute is configured as Subject EmailAddress and the corresponding attribute value in the certificate is test@example.com, then example.com must be a valid EAP-TLS realm with test as a valid user.
If you have modified the configuration, save the configuration to the HP-UX AAA Server and restart it.

Problem: Unable to authenticate
Log Message: <EAP type> <field> missing or invalid. Verify <entry> in Server Properties > Certificate Properties in the Server Manager and that the file contains a valid <entry>
Cause: The Certificate Properties configured on the HP-UX AAA Server are invalid.
Solution: Navigate to the Certificates screen under Server Properties of the Server Manager. Specify a fully qualified filename for each of the following:
• Server Certificate Path
• Server Private Key Path
• Client Certificate Authority Path
• Random Seed Path
For more information, see Chapter 13, Securing LAN Access with EAP on page 181.
If you have modified the configuration, save the configuration to the HP-UX AAA Server and restart it.

Problem: EAP-SIM functionality is disabled
Log Message: EAP-SIM : FSM does not define all of these events: 'SIM_AUTH_BY_PERMANENT_ID', 'SIM_AUTH_BY_PSEUDONYM', 'SIM_AUTH_BY_FAST_REAUTH_ID' 'SIM_UPDATE'. Disabling EAP-SIM.
Cause: If the radius.fsm file is modified prior to upgrading to HP-UX AAA Server A.08.02 from an older version, the FSM does not upgrade.
Resolution: You must merge the changes present in the legacy FSM with the radius.fsm file available in the HP-UX AAA Server A.08.02 release.
For more information, see “Upgrading to Version A.08.02” (page 33).
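
A preflight check for the four Certificate Properties paths listed in the table above, written as an added example; it is not part of the HP guide or of the HP-UX AAA Server. The file paths are supplied by the caller, and the private-key permission test is an assumption of this example rather than a requirement stated in the guide.

```shell
#!/bin/sh
# Added example (not HP code): preflight check for the four Certificate
# Properties paths. Labels mirror the Server Manager field names in the guide.

# check_one LABEL PATH: print a finding; return 1 if the path is unusable.
check_one() {
    label=$1; path=$2
    case $path in
        /*) ;;   # fully qualified, as the guide requires
        *)  echo "FAIL $label: '$path' is not a fully qualified filename"
            return 1 ;;
    esac
    [ -f "$path" ] || { echo "FAIL $label: $path is not a regular file"; return 1; }
    [ -r "$path" ] || { echo "FAIL $label: $path is not readable"; return 1; }
    [ -s "$path" ] || { echo "FAIL $label: $path is empty"; return 1; }
    echo "ok   $label: $path"
}

# key_is_private PATH: return 1 if group or others have any access.
# Assumption of this example, not a requirement stated in the guide.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] && return 0
    echo "FAIL Server Private Key Path: $1 is open to group/other ($perms)"
    return 1
}

# check_cert_paths CERT KEY CA SEED: return 0 only if every check passes.
check_cert_paths() {
    rc=0
    check_one "Server Certificate Path" "$1" || rc=1
    { check_one "Server Private Key Path" "$2" && key_is_private "$2"; } || rc=1
    check_one "Client Certificate Authority Path" "$3" || rc=1
    check_one "Random Seed Path" "$4" || rc=1
    return $rc
}

# Stand-alone use: sh check_paths.sh CERT KEY CA SEED
if [ "$#" -eq 4 ]; then
    check_cert_paths "$@"
fi
```

Run it as the account the AAA server runs under, since readability is evaluated for the invoking user.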