HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

361

362

363

364

365

366

367

368

369

370

Table 103 EAP Problems (continued)

TroubleshootingProblem

EAP-AKA : FSM does not define all of these events:

'AKA_AUTH_BY_PERMANENT_ID', 'AKA_AUTH_BY_PSEUDON YM',

Log MessageEAP-AKA functionality

disabled

'AKA_AUTH_BY_FAST_REAUTH_ID', 'AKA_UPDATE'

'AKA_RESYNCHRONIZATION'. Disabling EAP-AKA.

If the radius.fsm file is modified prior to upgrading to HP-UX

AAA Server A.08.02 from an older version, the FSM does not

upgrade.

Cause

You must merge the changes present in the legacy FSM with the

radius.fsm file available in the HP-UX AAA Server A.08.02

release.

Resolution

For more information, see ???

SIM-TripletCalc: Required attributes missing or

malformed

Log MessageUnable to authenticate

Either the Subscriber-Key, A3-Algorithm, or

A8-Algorithm attribute is not configured, or does not meet the

required specifications.

Cause

Verify the Subscriber-Key configured for the user in the user

profile and the A3_Algorithm and A8_Algorithm configured

for the realm in the EAP.authfile file.

Resolution

For information on how to configure, see “Configuring EAP-SIM

and EAP-AKA Authentication Methods” (page 160)

AKA-VectorCalc: Required attributes missing or

malformed

Log MessageUnable to authenticate

Either the Subscriber-Key, AKA-Sequence-Number,

AKA-Mode and AKA-Algorithm attribute is not configured,

or does not meet the required specifications.

Cause

Verify the Subscriber-Key, AKA-Sequence-Number,

AKA-Mode configured for the user in the user profile and the

Resolution

AKA_Algorithm configured for the realm in the

EAP.authfile file.

For information on how to configure, see ???

Troubleshooting Provisioning Errors

The supplicant will not be able to connect to the network service unless the HP-UX AAA Server

sends the provisioning attributes (such as session key, tunneling, and filter attributes) expected by

the RADIUS client. This occurs even if the HP-UX AAA Server sends an Access-Accept to the RADIUS

client.

To troubleshoot provisioning errors, perform the following steps:

1. Check the provisioning attributes expected by the RADIUS client from the HP-UX AAA Server

(along with the Access-Accept message).

2. Verify the Reply items configured for the user in the user profile store.

3. Turn debugging on and set the debug output level to 2. For more information on using

debugging, see “The raddbginc Utility: For Setting Debug Output Levels” (page 374). Examine

the /var/opt/aaa/logs/radius.debug file for attributes sent to the Access-Accept

message. Ensure that the client is configured to expect the reply items sent by the HP-UX AAA

Server.

4. If you have modified the user profile through the Server Manager, save the changes to the

HP-UX AAA Server.

370 Troubleshooting Procedures