RADIUS failure when Accounting is Enabled

Craig Kramer

I have a 5920 switch configured and working with a RADIUS server (Microsoft Network Policy Server). I recently installed a 5510 switch with FIPS mode enabled. With FIPS mode I had to have a shared secret with a minimum of 15 characters, and accounting cannot be disabled. Whenever I attempt to log in via RADIUS on the 5510, it fails with an accounting error.

HP 5920 - Works with RADIUS but Accounting not enabled.
----------------------------------------
radius scheme ned_radius
primary authentication xxx.xxx.xxx.xxx
primary accounting xxx.xxx.xxx.xxx
secondary authentication yyy.yyy.yyy.yyy
key authentication cipher $c$3$1QEG2Dawc2nwp9kAuq9vquD5EhNrGC4RPkoJ7iPoJQ==
user-name-format without-domain
#
domain ned
authentication login radius-scheme ned_radius local
authorization login radius-scheme ned_radius local
accounting login none

HP 5510 - FIPS enabled.
----------------------------------------
radius scheme ned_radius
primary authentication xxx.xxx.xxx.xxx
primary accounting xxx.xxx.xxx.xxx
secondary authentication yyy.yyy.yyy.yyy
secondary accounting yyy.yyy.yyy.yyy
key authentication cipher $c$3$VWAVV40uyJd6OIAAcvsqDEuju8FiCRzTEXCCwTvz6u5M3A==
user-name-format without-domain
#
domain ned
authentication login radius-scheme ned_radius local
authorization login radius-scheme ned_radius local
accounting login local

I have tried both "accounting login local" and "accounting login radius-scheme ned_radius local", both of which fail with the following error message:

HP5510 AAA/6/AAA_LAUNCH: -AAAType=AUTHENTICATION-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 RADIUS/6/RADIUS_AUTH_SUCCESS: User admin from xxx.xxx.xxx.xxx was authenticated successfully.
HP5510 AAA/6/AAA_SUCCESS: -AAAType=AUTHENTICATION-AAADomain=ned-Service=login-UserName=admin; AAA succeeded.
HP5510 AAA/6/AAA_LAUNCH: -AAAType=AUTHORIZATION-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 AAA/6/AAA_SUCCESS: -AAAType=AUTHORIZATION-AAADomain=ned-Service=login-UserName=admin; AAA succeeded.
HP5510 SSHS/6/SSHS_LOG: Accepted password for admin from xxx.xxx.xxx.xxx port 53948 ssh2.
HP5510 SSHS/6/SSHS_CONNECT: SSH user admin (IP: xxx.xxx.xxx.xxx) connected to the server successfully.
HP5510 AAA/6/AAA_LAUNCH: -AAAType=ACCOUNTING-AAADomain=ned-Service=login-UserName=admin; AAA launched.

HP5510 AAA/5/AAA_FAILURE: -AAAType=ACCOUNTING-AAADomain=ned-Service=login-UserName=admin; AAA failed.
HP5510 LOGIN/6/LOGIN_FAILED: admin failed to log in from xxx.xxx.xxx.xxx.
HP5510 SSHS/6/SSHS_LOG: User admin logged out from xxx.xxx.xxx.xxx port 53948.
HP5510 SSHS/6/SSHS_DISCONNECT: SSH user admin (IP: xxx.xxx.xxx.xxx) disconnected from the server.

Any idea of what needs to be configured with Accounting on either the switch or NPS to get this working?

Thanks
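
Added example, not part of the original post and not HP or Microsoft code: a small Python triage script that reads Comware AAA log lines like the ones quoted above and reports, per host/domain/user, which AAA phase blocked the login. It assumes the `host MODULE/severity/MNEMONIC: -Key=Value...;` layout exactly as it appears in the post; the function and constant names are hypothetical.

```python
import re

# AAA and LOGIN lines copied from the post above (addresses are masked there).
SAMPLE_LOG = """\
HP5510 AAA/6/AAA_LAUNCH: -AAAType=AUTHENTICATION-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 AAA/6/AAA_SUCCESS: -AAAType=AUTHENTICATION-AAADomain=ned-Service=login-UserName=admin; AAA succeeded.
HP5510 AAA/6/AAA_LAUNCH: -AAAType=AUTHORIZATION-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 AAA/6/AAA_SUCCESS: -AAAType=AUTHORIZATION-AAADomain=ned-Service=login-UserName=admin; AAA succeeded.
HP5510 AAA/6/AAA_LAUNCH: -AAAType=ACCOUNTING-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 AAA/5/AAA_FAILURE: -AAAType=ACCOUNTING-AAADomain=ned-Service=login-UserName=admin; AAA failed.
HP5510 LOGIN/6/LOGIN_FAILED: admin failed to log in from xxx.xxx.xxx.xxx.
"""

# host MODULE/severity/MNEMONIC: body  (layout as it appears in the post)
LINE_RE = re.compile(r"(\S+) (\w+)/(\d)/(\w+): (.*)")
# -Key=Value pairs; a value ends at the next "-Key=" or at ";", so it may contain "-"
FIELD_RE = re.compile(r"-(\w+)=(.*?)(?=-\w+=|;)")
STATES = {"AAA_LAUNCH": "launched", "AAA_SUCCESS": "succeeded", "AAA_FAILURE": "failed"}
PHASES = ("AUTHENTICATION", "AUTHORIZATION", "ACCOUNTING")

def aaa_phases(log_text):
    """Map (host, domain, user) -> {AAA phase: last state seen in the log}."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(2) != "AAA" or m.group(4) not in STATES:
            continue  # not an AAA launch/success/failure record
        fields = dict(FIELD_RE.findall(m.group(5)))
        if fields.get("AAAType") not in PHASES:
            continue
        key = (m.group(1), fields.get("AAADomain"), fields.get("UserName"))
        sessions.setdefault(key, {})[fields["AAAType"]] = STATES[m.group(4)]
    return sessions

def blocking_phase(phases):
    """First phase that failed, or launched and never got a result; None if clean."""
    for phase in PHASES:
        if phases.get(phase) in ("failed", "launched"):
            return phase, phases[phase]
    return None

if __name__ == "__main__":
    for key, phases in aaa_phases(SAMPLE_LOG).items():
        print(key, phases, "->", blocking_phase(phases))
```

A phase reported as "launched" with no later result is a request that never got an answer, which is worth separating from an explicit failure when checking the accounting server side.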