No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

AC6005 test-aaa fails,authentication fails

Publication Date:  2017-08-22  |   Views:  1161  |   Downloads:  0  |   Author:  i84076405  |   Document ID:  EKB1000825527

Contents

Issue Description

We have the following scenario:

AC6005 : V200R007C10SPC300

We have to test the authentication , using an Agile Controller as a Radius Server using accounts  from AD.

We want to be able to authenticate with AD username/password. The AD synchronization mode that we are using is non-synchronization on Agile Controller.

Non-synchronization: The accounts and organization structure on the AD/LDAP server do not need to be synchronized to the AC-Campus.
The configuration on AC and Agile looks ok , but the test-aaa fails.

<AC>test-aaa admin ****** radius-template radius-server
<AC.>
Info:Authentication fails due to incorrect name, password, shared key, and so on.ErrCode:4101

We created a local user on the Agile Controller and the test-aaa is successfully.

We have the following configuration on the AC:

Please notice the last command. In “radius-server template radius-server” we configured “radius-server shared-key cipher …..”.
In system-view we also configured the highlighted command.

Solution

The reason of failed authentication is that the radius share-key was configured in two different place.They are in conflict.

After the below command was removed , the test-aaa succeeded.

<AC>test-aaa admin ****** radius-template radius-server

<AC.>

Info:Account test succeded.

 

Thank you!