HPE Community
Comware Based
1832298 Members
1809 Online
110041 Solutions
New Discussion

RADIUS failure when Accounting is Enabled

 
Craig Kramer
Advisor

‎06-20-2016 01:27 PM

‎06-20-2016 01:27 PM

RADIUS failure when Accounting is Enabled

I have a 5920 switch configured and working with a RADIUS server (Microsoft Network Policy Server).  I recently installed a 5510 switch with FIPS mode enabled. With FIPS mode I had to have a shared secret with a minimum of 15 characters and accounting can not be disabled. Whenever I attempt to log in via RADIUS on the 5510 it fails with an accounting error.

HP 5920 - Works with RADIUS but Accounting not enabled.
----------------------------------------
radius scheme ned_radius
primary authentication xxx.xxx.xxx.xxx
primary accounting xxx.xxx.xxx.xxx
secondary authentication yyy.yyy.yyy.yyy
key authentication cipher $c$3$1QEG2Dawc2nwp9kAuq9vquD5EhNrGC4RPkoJ7iPoJQ==
user-name-format without-domain
#
domain ned
authentication login radius-scheme ned_radius local
authorization login radius-scheme ned_radius local
accounting login none

HP 5510 - FIPS enabled.

----------------------------------------
radius scheme ned_radius
primary authentication xxx.xxx.xxx.xxx
primary accounting xxx.xxx.xxx.xxx
secondary authentication yyy.yyy.yyy.yyy
secondary accounting yyy.yyy.yyy.yyy
key authentication cipher $c$3$VWAVV40uyJd6OIAAcvsqDEuju8FiCRzTEXCCwTvz6u5M3A==
user-name-format without-domain
#
domain ned
authentication login radius-scheme ned_radius local
authorization login radius-scheme ned_radius local
accounting login local

I have tried both "accounting login local" and "accounting login radius-scheme ned_radius local" both of which fail with the following error message.

HP5510 AAA/6/AAA_LAUNCH: -AAAType=AUTHENTICATION-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 RADIUS/6/RADIUS_AUTH_SUCCESS: User admin from xxx.xxx.xxx.xxx was authenticated successfully.
HP5510 AAA/6/AAA_SUCCESS: -AAAType=AUTHENTICATION-AAADomain=ned-Service=login-UserName=admin; AAA succeeded.
HP5510 AAA/6/AAA_LAUNCH: -AAAType=AUTHORIZATION-AAADomain=ned-Service=login-UserName=admin; AAA launched.
HP5510 AAA/6/AAA_SUCCESS: -AAAType=AUTHORIZATION-AAADomain=ned-Service=login-UserName=admin; AAA succeeded.
HP5510 SSHS/6/SSHS_LOG: Accepted password for admin from xxx.xxx.xxx.xxx port 53948 ssh2.
HP5510 SSHS/6/SSHS_CONNECT: SSH user admin (IP: xxx.xxx.xxx.xxx) connected to the server successfully.
HP5510 AAA/6/AAA_LAUNCH: -AAAType=ACCOUNTING-AAADomain=ned-Service=login-UserName=admin; AAA launched.

HP5510 AAA/5/AAA_FAILURE: -AAAType=ACCOUNTING-AAADomain=ned-Service=login-UserName=admin; AAA failed.
HP5510 LOGIN/6/LOGIN_FAILED: admin failed to log in from xxx.xxx.xxx.xxx.
HP5510 SSHS/6/SSHS_LOG: User admin logged out from xxx.xxx.xxx.xxx port 53948.
HP5510 SSHS/6/SSHS_DISCONNECT: SSH user admin (IP: xxx.xxx.xxx.xxx) disconnected from the server.

Any idea of what needs to be configured with Accounting on either the switch or NPS to get this working?

Thanks

3 people had this problem.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.