
Aruba switches can't login using AD admin credentials

  • 1.  Aruba switches can't login using AD admin credentials

    Posted 14 days ago

    I use my domain admin account to log in to Aruba 2930F switches.  We also have a Manager account for backup.  We also have Duo MFA.

    So when I log in using my domain AD credentials, it asks for a Duo prompt, and it logs me in.

    But I'm not able to log in using my AD credentials now for some reason.  I can only log in using the local Manager account.  It's not a Duo issue because other Duo services are working.

    No configuration changes were made on the switches.  How can I troubleshoot this?



  • 2.  RE: Aruba switches can't login using AD admin credentials

    Posted 14 days ago

    We did change our domain suffix from .local to .com so we can use Azure AD.  But even if I change my domain account suffix to .local, it won't work.




  • 3.  RE: Aruba switches can't login using AD admin credentials

    Posted 13 days ago

    I opened a ticket with Duo, and looking at the logs, Duo is allowing the login, but it looks like the IP of the switch also accepts, but is on a loop.

    Any ideas?




  • 4.  RE: Aruba switches can't login using AD admin credentials

    Posted 13 days ago

    This is the log from Duo Proxy showing the connections

    10.0.0.3 is an Aruba 2930F

    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Got response for id 68 from ('10.0.0.15', 1812); code 11
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] (('10.0.0.3', 1812), Useradmin, 142): Returning response code 11: AccessChallenge
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] (('10.0.0.3', 1812), Useradmin, 142): Sending response
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Packet dump - sent to 10.0.0.3:
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Packet dump - received from 10.0.0.3:
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Sending request from 10.0.0.3 to radius_server_auto
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Received new request id 143 from ('10.0.0.3', 1812)
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] (('10.0.0.3', 1812), Useradmin, 143): Valid response to challenge issued at id 142
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Sending proxied request for id 143 to ('10.0.0.15', 1812) with id 244
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Packet dump - sent to 10.0.0.15:
    2024-05-15T14:19:11-0400 [duoauthproxy.lib.log#info] Packet dump - received from 10.0.0.15:




  • 5.  RE: Aruba switches can't login using AD admin credentials

    Posted 13 days ago

    The account I use to log in to switches is still in the previous .local format, so I'm confused why that's not working now.  Do I need to make any change in the switch config?




  • 6.  RE: Aruba switches can't login using AD admin credentials

    Posted 12 days ago

    Any recommendations?  




  • 7.  RE: Aruba switches can't login using AD admin credentials

    EMPLOYEE
    Posted 12 hours ago

    What is your switch configuration?

    Do you only have the Duo as authentication server? Radius?

    Which server is expected to handle the AD authentication?

    Does your RADIUS server return the IETF Service-Type = 6 (Administrative User) attribute?

    This may be easier to resolve with your partner/support to have an interactive session and live-troubleshoot.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
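
One way to answer the Service-Type question from a Duo proxy packet dump, as an added example that is not part of the original thread: the sketch decodes a RADIUS packet per RFC 2865 and reports whether a final Access-Accept carries Service-Type 6. The function names and sample packets are constructed for illustration, and it assumes the dump line holds one complete Python bytes literal after the log prefix.

```python
import ast
import struct

# RFC 2865 packet codes and the attribute/value numbers used in this check.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
SERVICE_TYPE = 6      # attribute type
ADMINISTRATIVE = 6    # Service-Type value "Administrative"

def parse_radius(pkt):
    """Return (code, identifier, [(attr_type, value_bytes), ...])."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        attrs.append((a_type, pkt[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs

def from_log_line(line):
    """Extract the bytes literal that follows the '] ' log prefix."""
    value = ast.literal_eval(line.split("] ", 1)[1].strip())
    if not isinstance(value, bytes):
        raise ValueError("log line does not carry a bytes literal")
    return value

def admin_verdict(pkt):
    code, _, attrs = parse_radius(pkt)
    if code != 2:
        return f"{CODES.get(code, code)}: not a final accept"
    types = [int.from_bytes(v, "big") for t, v in attrs if t == SERVICE_TYPE and len(v) == 4]
    if ADMINISTRATIVE in types:
        return "Access-Accept with Service-Type 6"
    return f"Access-Accept, Service-Type values {types}"

def build(code, ident, attrs):
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples (zeroed authenticator), not taken from the thread's log.
ACCEPT_ADMIN = build(2, 143, [(1, b"netadmin"), (6, (6).to_bytes(4, "big"))])
ACCEPT_PROMPT = build(2, 143, [(1, b"netadmin"), (6, (7).to_bytes(4, "big"))])
```

Run `admin_verdict(from_log_line(line))` on the "received from" dump of the upstream RADIUS server; a result that is still Access-Challenge means the exchange has not reached a final answer yet.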