No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web User Authentication Failed Because the Web Server and ME60 Ran Different Authentication Versions

Publication Date:  2013-09-25 Views:  27 Downloads:  0
Issue Description
Authentication of a web user connected to an ME60 failed.
Handling Process

The problem was caused by the ME60 or web server.

Huawei completed the following steps to diagnose the problem:

1. Pinged the web server from ME60. The web server can be pinged. The link and route advertisement between the ME60 and web server were normal.
2. Queried debug information on the ME60.

< BAS01-ME60>  debug  web packet                                              
*16.975145203 SNXA-MC-CMNET-BAS01-GX-ME60-8 WEB/7/DEBUG:Slot=0;                
Received packet from socket (length = 16 Vrf = 0):                             
Version   :
1                                                             
Type            :
challenge request                                            
Method          :
chap                                                         
SerialNo        :
60419                                                        
RequestID       :
0                                                            
UserIP          :
10.15.5.107                                                  
ErrorCode       :
0                                                             
AttributeNumber :
0                                                            
*16.975145204 SNXA-MC-CMNET-BAS01-GX-ME60-8 WEB/7/DEBUG:Slot=0;                
 01 01 00 00 ec 03 00 00 0a 0f 05 6b 00 00 00 00

3. Checked the web authentication configurations on the ME60.

[BAS01-ME60]disp web conf                                   
  Source interface      :
LoopBack0                                            
  Listening port        :
2000                                                 
  Portal           :
version 2                                             
  Include reply message :
disabled                                             
  ------------------------------------------------------------------------     
           Server  Shared-key         Port  PortFlag  NAS-IP  Vpn-instance     
  ------------------------------------------------------------------------     
    211.137.133.5  135--139           2000   NO       NO                       
   211.137.134.92  135--139           2000   NO       NO                       
   211.137.134.85  135--139           2000   NO       NO                       
   211.137.134.78  135--139           2000   NO       NO                       
   211.137.133.9  135--139           2000   NO       NO   

The web server ran authentication version 1, whereas the ME60 ran version 2.
4. Changed the authentication version to V1/V2 on ME60.

[BAS01-ME60] web-auth-server version v2  v1


Authentication was successful.

Root Cause
The Web server and ME60 ran different authentication versions.
Solution
Changed the version to V1/V2 for ME60.
Suggestions
Before performing ME60 authentication, ensure that the web server and ME60 run compatible authentication versions.

END