Issue description :
The company CTG (Company A) bought another company (Company B),but now customer wants make the integration between the two companies.
The customer now authenticates via LDAP on the server itself and is ok, but he wants to do the same procedure only that now to the other domain in the server of the new company (Company B).
He want it automatically users connect to the new server .
TOPOLOGY:
Alarm Information:It's coming to the server how to login anonymously, and the server does not accept if it's anonymous.
Below is Radius alarm information .
Handling Process:First : check user online failed records .
Second : check Radius-server and Authentication-profile configuration .
Root Cause:The configuration is checked, and the reason for this error is that the authentication-profile name xxxx configuration is incorrect.
The current authentication-profile is configured as follows:
authentication-profile name xxxx
dot1x-access-profile xxxx
access-domain xxxx
radius-server xxxx
Under the authentication-profile, you can specify the authentication domain used by authentication through access-domain, or you can specify the authentication mode directly through the authentication template (authentication-scheme) and radius-server template (radius-server) under the authentication template.
If the authentication scheme or accounting scheme or radius-server template is configured under the authentication template (as long as any one is configured), the access-domain command configuration will not work.
From the current certification under the configuration of the access-domain template, and the configuration of the radius-server, the access-domain configuration will not be effective, but not configure authentication-sheme authentication template, the template authentication configuration is not complete, to obtain certification scheme from the certification template in certification (authentication-scheme) fails, the error will be reported.
Solution:There are two ways to modify as the following:
1. the authentication-profile specify the authentication domain through the access-domain, and delete the radius-server configuration .
2. Directly specify the authentication scheme and radius-server template under the authentication-profile, and delete the access-domain under the authentication-profile, add the configuration authentication-scheme xxxx.
