Troubleshooting AAA; Troubleshooting RADIUS - H3C S9500E Series Security Configuration Manual


Configure the RADIUS scheme.
Create RADIUS scheme rad.
[Switch] radius scheme rad
Specify the primary authentication server.
[Switch-radius-rad] primary authentication 10.1.1.1 1812
Specify the primary accounting server.
[Switch-radius-rad] primary accounting 10.1.1.1 1813
Set the shared key for authentication packets to expert.
[Switch-radius-rad] key authentication expert
Set the shared key for accounting packets to expert.
[Switch-radius-rad] key accounting expert
Specify that a username sent to the RADIUS server carries the domain name.
[Switch-radius-rad] user-name-format with-domain
Specify the service type for the RADIUS server, which must be extended when the RADIUS server
runs CAMS or iMC.
[Switch-radius-rad] server-type extended
[Switch-radius-rad] quit
Configure the AAA methods for the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login radius-scheme rad
[Switch-isp-bbb] quit
When using SSH to log in, a user enters a username in the form userid@bbb for authentication
using domain bbb.
3. Verify the configuration
After the above configuration, the SSH user should be able to use the configured account to
access the user interface of the switch. The commands that the user can access depend on the
settings for EXEC users on the CAMS server.

Troubleshooting AAA

Troubleshooting RADIUS

Symptom 1: User authentication/authorization always fails.
Analysis:
1. A communication failure exists between the NAS and the RADIUS server.
2. The username is not in the format of userid@isp-name or no default ISP domain is specified
for the NAS.
3. The user is not configured on the RADIUS server.