Troubleshooting Radius; Radius Authentication Failure - HP VSR1000 Security Configuration Manual

[Router] role default-role enable
# Configure an LDAP server.
[Router] ldap server ldap1
# Specify the IP address of the LDAP authentication server.
[Router-ldap-server-ldap1] ip 10.1.1.1
# Specify the administrator DN.
[Router-ldap-server-ldap1] login-dn cn=administrator,cn=users,dc=ldap,dc=com
# Specify the administrator password.
[Router-ldap-server-ldap1] login-password simple admin!123456
# Configure the base DN for user search.
[Router-ldap-server-ldap1] search-base-dn dc=ldap,dc=com
[Router-ldap-server-ldap1] quit
# Create an LDAP scheme.
[Sysname] ldap scheme ldap1-shml
# Specify the LDAP authentication server.
[Sysname-ldap-ldap-shml] authentication-server ldap1
[Sysname-ldap-ldap1-shml] quit
# Create ISP domain bbb and configure the authentication, authorization, and accounting
methods for login users.
[Router] domain bbb
[Router-isp-bbb] authentication login ldap-scheme ldap1-shml
[Router-isp-bbb] authorization login none
[Router-isp-bbb] accounting login none
[Router-isp-bbb] quit
Verifying the configuration
# Initiate an SSH connection to the router, and enter the username aaa@bbb and password
ldap!123456. (Details not shown.) The user logs in to the router.
# Verify that the user can use the commands permitted by the network-operator user role. (Details not
shown.)

Troubleshooting RADIUS

RADIUS authentication failure

Symptom
User authentication always fails.
Analysis
Possible reasons include:
A communication failure exists between the NAS and the RADIUS server.
•
The username is not in the format userid@isp-name, or the ISP domain is not correctly configured on
•
the NAS.
• The user is not configured on the RADIUS server.
60