HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

Table 99 Common Problems with HP-UX AAA Server Startup (continued)
Problem / Troubleshooting

Log Message
    doconfig: init_fsm() failed rad_fsminit: duplicate state: line <line no>
    <date> <time>: ‘state’ <date> <time> doconfig: init_fsm() failed
Cause
    The FSM file /etc/opt/aaa/radius.fsm contains a duplicate state
    specified at line <line no>.
Solution
    Edit the /etc/opt/aaa/radius.fsm file to remove the duplicate state at
    line <line no>.

Log Message
    vend_init: Missing Vendor number on line <line no> of vendors
    dict_init: Could not initialize the 'vendors' file
Cause
    The /etc/opt/aaa/vendors file is missing a vendor number entry
    on line <line no>.
Solution
    Edit the /etc/opt/aaa/vendors file to specify the vendor number in
    line <line no>.

Log Message
    dict_init: Invalid value <invalid> in column <column no> at line
    <line no> in /etc/opt/aaa/dictionary. Specify <correct value
    range>.
Cause
    The /etc/opt/aaa/dictionary file contains an invalid value at line
    <line no>.
Solution
    Edit the /etc/opt/aaa/dictionary file and specify a valid value as
    specified by <correct value range>.

Problem
    HP-UX AAA Server fails to start
Log Message
    read_auth: Missing AATV for entry on line 15 of /etc/opt/aaa/authfile
    doconfig: iaaa_config_files() failed.
Cause
    Authfile may have configured realm entries for Oracle or SecurID
    authentication.
Solution
    Starting with HP-UX AAA Server A.08.00 release, Oracle and SecurID
    AATVs are obsolete. The corresponding entries must be removed from
    the /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile.
    HP recommends that you use the SQL Access AATV instead of Oracle
    AATV, EAP-PEAP instead of EAP-LEAP, and OATH standard-based
    authentication instead of SecurID authentication. For information on how
    to configure SQL database based authentication, see “SQL Access” (page
    248). For information on how to configure OTP or Two-factor authentication,
    see “OATH Standards-Based OTP Authentication” (page 128).

Problem
    HP-UX AAA Server logs an error message while starting
Log Message
    RealmEAP::configure: Unknown AATV 'CiscoLEAP' in
    '/etc/opt/aaa/EAP.authfile' at '12' for EAP-Type. Specify a valid AATV
    for EAP-TYPE
    RealmEAP::readauth: AATV for EAP-Type is missing or not
    valid for realm 'oracle.test.test' on line 13 in /etc/opt/aaa/EAP.authfile
    read_auth: /etc/opt/aaa/EAP.authfile ( 3 entries) read to memory, 1
    error
Cause
    Authfile has configured realm entries for EAP-LEAP authentication.
Solution
    Starting with HP-UX AAA Server A.08.00 release, EAP-LEAP AATV is
    obsolete. The corresponding entries must be removed from the
    /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile.
    HP recommends that you use EAP-PEAP instead of EAP-LEAP. For
    information on EAP-PEAP, see “Securing LAN Access With EAP” (page
    113).

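
The startup messages in this table name the file and line to edit, so they can be triaged mechanically. The following Python is an added example, not part of the HP guide or the product: the `triage` function, the rule list and the sample log lines (including their timestamps and values) are constructed here, and it assumes each message is written as a single log line.

```python
import re

# Message texts are taken from the table above. Assumptions: each message is
# written as one log line, and any timestamp prefix can be ignored.
RULES = [(re.compile(rx), default_file, action) for rx, default_file, action in [
    (r"rad_fsminit: duplicate state: line (?P<line>\d+)",
     "/etc/opt/aaa/radius.fsm", "remove the duplicate state"),
    (r"vend_init: Missing Vendor number on line (?P<line>\d+) of vendors",
     "/etc/opt/aaa/vendors", "specify the vendor number"),
    (r"dict_init: Invalid value \S+ in column \d+ at line (?P<line>\d+)"
     r" in (?P<file>/\S+?)\.(?:\s|$)",
     None, "specify a value in the reported range"),
    (r"read_auth: Missing AATV for entry on line (?P<line>\d+) of (?P<file>/\S+)",
     None, "check for an obsolete Oracle or SecurID entry"),
    (r"Unknown AATV '(?P<aatv>[^']+)' in\s+'(?P<file>[^']+)' at '(?P<line>\d+)'",
     None, "replace or remove the unknown AATV"),
]]

# Constructed sample input: timestamps, line numbers and values are made up.
SAMPLE_LOG = [
    "Mon Nov 18 10:02:11 2013: rad_fsminit: duplicate state: line 42",
    "Mon Nov 18 10:02:11 2013: doconfig: init_fsm() failed",
    "Mon Nov 18 10:05:40 2013: dict_init: Invalid value 300 in column 3 "
    "at line 88 in /etc/opt/aaa/dictionary. Specify 0-255.",
    "Mon Nov 18 10:09:02 2013: read_auth: Missing AATV for entry on line 15 "
    "of /etc/opt/aaa/authfile",
    "Mon Nov 18 10:12:30 2013: RealmEAP::configure: Unknown AATV 'CiscoLEAP' in "
    "'/etc/opt/aaa/EAP.authfile' at '12' for EAP-Type. Specify a valid AATV "
    "for EAP-TYPE",
]

def triage(log_lines):
    """Return one finding (file, line, aatv, action) per recognised error."""
    findings = []
    for raw in log_lines:
        for pattern, default_file, action in RULES:
            m = pattern.search(raw)
            if m is None:
                continue
            g = m.groupdict()
            findings.append({"file": g.get("file") or default_file,
                             "line": int(g["line"]),
                             "aatv": g.get("aatv"),
                             "action": action})
            break  # first matching rule wins; summary lines match nothing
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['file']}:{f['line']}: {f['action']}")
```
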
Troubleshooting Bind Errors at HP-UX AAA Server Startup
This section describes how to troubleshoot problems when you cannot start the HP-UX AAA Server
because of bind errors.