HPE Community
Comware Based
1827706 Members
2616 Online
109967 Solutions
New Discussion

Comware RADIUS Login Failed

 
Vaib
Occasional Visitor

‎05-31-2017 01:27 AM

‎05-31-2017 01:27 AM

Comware RADIUS Login Failed

Hello

I am having a problem with RADIUS access on a COMWARE device

The device configuration and version information is given below

#
 domain default enable test
#
 telnet server enable
#

#
radius scheme cppm
 server-type extended
 primary authentication 124.7.227.38
 primary accounting 124.7.227.38
 key authentication cipher $c$3$ScKYCn5korupxfxBVo3nN8A5cfUSnBeo5g==
 key accounting cipher $c$3$7J4W9t3z+xp44Sbm6oT3vw1rPafxSQp/Eg==
 user-name-format without-domain
#
domain test
 authentication login radius-scheme cppm local
 authorization login radius-scheme cppm local
 accounting login radius-scheme cppm local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-interface vty 0 4
 authentication-mode scheme
#

<HP>display version
HP Comware Platform Software
Comware Software, Version 5.20.106, Demo 2304L01, Standard
Copyright (c) 2010-2012 Hewlett-Packard Development Company, L.P.
HP A-MSR20-20 uptime is 20 weeks, 2 days, 0 hour, 45 minutes
Last reboot 2017/01/09 12:54:13
System returned to ROM By Power-up.

CPU type: FREESCALE PowerPC 8248 400MHz
256M bytes SDRAM Memory
4M bytes Flash Memory
Pcb               Version:  3.0
Logic             Version:  3.0
Basic    BootROM  Version:  3.09
Extended BootROM  Version:  3.13
[SLOT  0]CON            (Hardware)3.0,  (Driver)1.0,    (Cpld)3.0
[SLOT  0]AUX            (Hardware)3.0,  (Driver)1.0,    (Cpld)3.0
[SLOT  0]ETH0/0         (Hardware)3.0,  (Driver)1.0,    (Cpld)3.0
[SLOT  0]ETH0/1         (Hardware)3.0,  (Driver)1.0,    (Cpld)3.0
[SLOT  0]CELLULAR0/0    (Hardware)3.0,  (Driver)1.0,    (Cpld)3.0

The attributes returned by RADIUS server are

Radius:Cisco:Cisco-AVPair shell:roles=network-admin Radius:IETF:Login-Service 0 Radius:IETF:Service-Type 1

 

The device shows login failed. RADIUS server logs shows that authentication is successful

Can anyone help??

 

 

 

 

//
Vaib
0 Kudos
4 REPLIES 4
HP-Browniee
Respected Contributor

‎05-31-2017 01:32 AM

‎05-31-2017 01:32 AM

Re: Comware RADIUS Login Failed

Hello

Can you test following:

under domain insert following command and try again your authentication:

accounting login none

Kind regards

0 Kudos
Vaib
Occasional Visitor

‎05-31-2017 01:45 AM

‎05-31-2017 01:45 AM

Re: Comware RADIUS Login Failed

Thanks for quick reply

I changed to 'accounting login none' but issue still exists

//
Vaib
0 Kudos
HP-Browniee
Respected Contributor

‎05-31-2017 01:59 AM

‎05-31-2017 01:59 AM

Re: Comware RADIUS Login Failed

Hello

Try to enable :

 

terminal monitor
terminal debugging
debugging radius all

Authenticate again, and see what it says.

Kind regards

0 Kudos
Vaib
Occasional Visitor

‎05-31-2017 02:51 AM

‎05-31-2017 02:51 AM

Re: Comware RADIUS Login Failed

Hi

Please find the debug output

<HP>
*May 31 15:16:06:834 2017 HP RDS/7/DEBUG: Recv MSG,[MsgType=Auth request Index = 641, ulParam3=151766848]
*May 31 15:16:06:835 2017 HP RDS/7/DEBUG:
Info: Unknow IP address type in making login-ip-host attribute.
*May 31 15:16:06:835 2017 HP RDS/7/DEBUG: Send attribute list:
*May 31 15:16:06:836 2017 HP RDS/7/DEBUG:
[1  User-name                   ] [7 ] [13216]
[2  Password                    ] [18] [711D0E3F1CEB35CE9490CA0FD7FD33A1]
[4  NAS-IP-Address              ] [6 ] [210.18.5.76]
[32 NAS-Identifier              ] [4 ] [HP]
[5  NAS-Port                    ] [6 ] [0]
[87 NAS_Port_Id                 ] [34] [slot=0;subslot=0;port=0;vlanid=0]
*May 31 15:16:06:836 2017 HP RDS/7/DEBUG:
[61 NAS-Port-Type               ] [6 ] [5]
[HP-26 Connect_ID               ] [6 ] [641]
[6  Service-Type                ] [6 ] [1]
[31 Caller-ID                   ] [19] [30302D30302D30302D30302D30302D3030]
[44 Acct-Session-Id             ] [17] [1170431151614c0]
[8  Framed-Address              ] [6 ] [221.135.95.180]
*May 31 15:16:06:837 2017 HP RDS/7/DEBUG:
[HP-255Product-ID               ] [15] [HP A-MSR20-20]
[HP-60 Ip-Host-Addr             ] [34] [221.135.95.180 00:00:00:00:00:00]
[HP-59 NAS-Startup-Timestamp    ] [6 ] [1483966420]
*May 31 15:16:06:838 2017 HP RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 0 packet.
*May 31 15:16:06:838 2017 HP RDS/7/DEBUG:
Event: Modify NAS-IP to 210.18.5.76.
*May 31 15:16:06:989 2017 HP RDS/7/DEBUG: Send: IP=[124.7.227.38], UserIndex=[641], ID=[16], RetryTimes=[0], Code=[1], Length=[216]
*May 31 15:16:07:090 2017 HP RDS/7/DEBUG:
Event: Set socket VPN attribute, VPN index=0, Result=0!
*May 31 15:16:07:140 2017 HP RDS/7/DEBUG: Send Raw Packet is:
*May 31 15:16:07:542 2017 HP RDS/7/DEBUG:
 01 10 00 d8 e0 13 99 75 35 03 33 a6 5f d4 45 b9
 1a 48 92 4d 01 07 31 33 32 31 36 02 12 71 1d 0e
 3f 1c eb 35 ce 94 90 ca 0f d7 fd 33 a1 04 06 d2
 12 05 4c 20 04 48 50 05 06 00 00 00 00 57 22 73
 6c 6f 74 3d 30 3b 73 75 62 73 6c 6f 74 3d 30 3b
 70 6f 72 74 3d 30 3b 76 6c 61 6e 69 64 3d 30 3d
 06 00 00 00 05 06 06 00 00 00 01 1f 13 30 30 2d
 30 30 2d 30 30 2d 30 30 2d 30 30 2d 30 30 2c 11
 31 31 37 30 34 33 31 31 35 31 36 31 34 63 30 08
 06 dd 87 5f b4 1a 43 00 00 63 a2 1a 06 00 00 02
 81 ff 0f 48 50 20 41 2d 4d 53 52 32 30 2d 32 30
 3c 22 32 32 31 2e 31 33 35 2e 39 35 2e 31 38 30
 20 30 30 3a 30 30 3a 30 30 3a 30 30 3a 30 30 3a
 30 30 3b 06 58 73 87 d4

*May 31 15:16:07:938 2017 HP RDS/7/DEBUG: Recv MSG,[MsgType=PKT response Index = 78, ulParam3=151217008]
*May 31 15:16:08:189 2017 HP RDS/7/DEBUG: Receive Raw Packet is:
*May 31 15:16:08:290 2017 HP RDS/7/DEBUG:
 02 10 00 4e ba fe d9 dd 62 15 4c eb ae 73 a1 c4
 fd d8 d7 9b 19 3a 97 fc 28 26 ac 13 40 4b a3 6e
 56 1b c5 1d a2 29 bd 0b 00 00 00 00 00 00 52 30
 30 30 30 30 30 64 32 2d 30 31 2d 35 39 32 65 38
 64 33 35 00 00 00 00 00 00 00 00 00 00 00

*May 31 15:16:08:391 2017 HP RDS/7/DEBUG: Receive:IP=[124.7.227.38],Code=[2],Length=[78]
*May 31 15:16:08:492 2017 HP RDS/7/DEBUG:
[25 Class                       ] [58] [97FC2826AC13404BA36E561BC51DA229BD0B0000000000005230303030303064322D30312D35393265386433350000000000000000000000]
*May 31 15:16:08:593 2017 HP RDS/7/DEBUG: Reject, Message=[Admin user's login type  mismatches the radius server assigned !]

 

 

//
Vaib
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.