Symptom 3, Analysis, Solution – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 116: Troubleshooting hwtacacs, Troubleshooting ldap, Symptom
102
3.
UDP ports for authentication/authorization/accounting configured on the NAS are the same as
those configured on the RADIUS server.
4.
The port numbers of the RADIUS server for authentication, authorization and accounting are
available.
Symptom 3
A user is authenticated and authorized, but accounting for the user is not normal.
Analysis
1.
The accounting port number is not correct.
2.
Configuration of the authentication/authorization server and the accounting server are not correct
on the NAS. For example, one server is configured on the NAS to provide all the services of
authentication/authorization and accounting, but in fact the services are provided by different
servers.
Solution
Check that:
1.
The accounting port number is correctly set.
2.
The authentication/authorization server and the accounting server are correctly configured on the
NAS.
Troubleshooting HWTACACS
Similar to RADIUS troubleshooting. See "
."
Troubleshooting LDAP
Symptom
User authentication/authorization fails.
Analysis
1.
The device fails to communicate with the LDAP server.
2.
The specified IP address or port number of the authentication/authorization server is not correct.
3.
The username is not in the format userid@isp-name, or the ISP domain for the user authentication
is not correctly configured on the NAS.
4.
The user is not configured on the LDAP server.
5.
The password entered by the user is not correct.
6.
The administrator DN or password is not configured.
7.
The user attributes (for example, the username attribute) and the group attributes configured on the
device are not consistent with those configured on the server.
8.
No user search base DN is specified in the LDAP scheme for authentication.
9.
No group search base DN is specified in the LDAP scheme for authorization.
Solution
1.
Use the ping command to check that there is a route between the device and the LDAP server.
2.
Make sure the IP addresses and port numbers of authentication and authorization servers
configured on the device match those of the servers.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000