Network Management

Hello

Now i already set up windows domain authenticate with UAM success without inode. when user authentication on windows in domain network will assign vlan automatical. and user can loadding profile. after that status in media State of interface change from Attemping to authenticate > Enable >  Attempong to authenticate > and authentication failed. and cannot authenticate again. please help.

IMC and UAM version is IMC PLAT 7.1 (E0302)

Switch is HP A5500 EI

Sorry for my english is not good

It's difficult to follow what's going on here.  Can you provide more detail, or confirm the following?

>You are trying to authenticate Windows clients with the windows supplicant.  (You are not testing iNode)
>Authentication passes and Dynamic VLAN assignment via UAM access profile works... initially anyway
>However during that time... the interface in windows (ncpa.cpl) goes from an enabled state back to attemting to authenticate, then subsequently fails.

I would check  a couple of things.
1. From the network connections windown (run menu 'ncpa.cpl') right click the interface --> Authentication tab ... I'm not in front of a client machine, but I believe it's the advanced button where you can specify to use user authentication (vs computer or user authentication).  The default is both, it may be that the system passes one and fails the other.  Changing this setting will narrow the troubleshooting.

2. Run Wireshark on the IMC server or UAM sub-server, (whatever server UAM is running on) setup a filter to display radius.  Look at the radius requests coming in when you are testing the clients, and the radius accept, radius deny messages to see what kind of auth is attemted, what the error messages returned are, etc.

Good Luck

PL 

When "user or computer" authentication is selected, the system will send machine credentials BEFORE user login and user credential AFTER user login.

Could be your computer account is authenticating but user is failing? 

The authentication Failure log under User Access log in Imc may have some clues.

Also watch what the switch says about port authentication status - does port status match what you see happen on the computer? Does it show computer account then change to user account if you have both configured?

Hello

>You are trying to authenticate Windows clients with the windows supplicant.  (You are not testing iNode)

- Yes, i testting without inode

>Authentication passes and Dynamic VLAN assignment via UAM access profile works... initially anyway

- It passes because. if i authenticate windows client with Active Directory. Windows can get dhcp and able to loading user profile. but i didn't configure Dynamic VLAN on UAM. I Configure switch like this

 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 999
 port trunk pvid vlan 999
 voice vlan 888 enable
 storm-constrain multicast pps 100 50
 storm-constrain control block
 poe enable
 dot1x re-authenticate
 dot1x

>However during that time... the interface in windows (ncpa.cpl) goes from an enabled state back to attemting to authenticate, then subsequently fails.

- Yes. when user can authenticated.

an attachmentn is capture packet on UAM via protocol radius