No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Why Users Fail Authentication When the Access Device and AAA Server Configurations Are Correct?

Why Users Fail Authentication When the Access Device and AAA Server Configurations Are Correct?

The access device manages users based on domains. A user must belong to a domain. During user access authentication, the device sends user information to the specified AAA server for authentication according to the parameters such as authentication mode and authentication server IP address configured in the user domain. When the domain name provided for user login is different from the actual user domain, the users cannot pass authentication even if the access device and AAA server configurations are correct.

The domain of a user is determined by the user name provided for login. The rules are as follows:
  • If the entered user name contains a domain name and the user name format is user-name@domain-name, the user domain is domain-name.
  • If the entered user name does not contain a domain and the user name format is user-name, the user belongs to the default system domain. By default, the global default domain is default.
For example, the user name is test and the user belongs to the domain huawei. To ensure that the user can be authenticated in the domain huawei, perform the following operations:
  • The user name entered in the client is test@huawei.
  • Run the domain huawei command in the system view to configure the global default domain to huawei.
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 124471

Downloads: 59

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next