Following this article to allow mgmt user to login using RADIUS.
http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-RADIUS-authentication-for-management-access/ta-p/177912
Able to authenticate client using 802.x tls however unable to login using RADIUS as root.
Internal Error: Unknown authentication Management
7010 - OS 6.5.3.1
Try this:
config t
logging level debugging security subcat aaa
Try logging in and after you try and it fails, type:
show log security 50
That might give you an idea of what is wrong...
Oct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1216] Authentication failedOct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1218] RADIUS RESPONSE ATTRIBUTES:Oct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1233] {Microsoft} MS-CHAP-Error:Oct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1233] PW_RADIUS_ID: \030Oct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1233] Rad-Length: 42Oct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1233] PW_RADIUS_CODE: \003Oct 4 16:57:41 :121031: <3889> <DBUG> |authmgr| |aaa| [rc_api.c:1233] PW_RAD_AUTHENTICATOR: \372\346\022\346\363e\260\227\233\035\334\205\306\014oB
According to the logs your controller/TACACS server doesn't like the MSCHAP authentication method. Can you try disabling MSCHAPv2?
It looks like only RADIUS is compatible with MSCHAPv2 for management login.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.