AC6605 how to deploy the second authnetication server

567 0 0 0
 

Issue description :

The company CTG (Company A) bought another company (Company B),but now customer wants make the integration between the two companies.

The customer now authenticates via LDAP on the server itself  and is ok, but he wants to do the same procedure only that now to the other domain in the server of the new company (Company B).

He want it automatically users connect to the new server .

TOPOLOGY:

fc4a0df6eab446f0bff952d121d17522



transparent.gif Alarm Information:

It's coming to the server how to login anonymously, and the server does not accept if it's anonymous.

Below is Radius alarm information .

091217ljj5jzrkljwiln31.png

transparent.gif Handling Process:

First : check user online failed records .

091414xz231osf9qc32cao.png

Second : check Radius-server and Authentication-profile configuration .

 

transparent.gif Root Cause:

The configuration is checked, and the reason for this error is that the authentication-profile name xxxx configuration is incorrect.

The current authentication-profile is configured as follows:

authentication-profile name xxxx

dot1x-access-profile xxxx

access-domain xxxx

radius-server xxxx

 

Under the authentication-profile, you can specify the authentication domain used by authentication through access-domain, or you can specify the authentication mode directly through the authentication template (authentication-scheme) and radius-server template (radius-server) under the authentication template.

If the authentication scheme or accounting scheme or radius-server template is configured under the authentication template (as long as any one is configured), the access-domain command configuration will not work.

From the current certification under the configuration of the access-domain template, and the configuration of the radius-server, the access-domain configuration will not be effective, but not configure authentication-sheme authentication template, the template authentication configuration is not complete, to obtain certification scheme from the certification template in certification (authentication-scheme) fails, the error will be reported.

transparent.gif Solution:

There are two ways to modify as the following:

1. the authentication-profile specify the authentication domain through the access-domain, and delete the radius-server configuration .

2. Directly specify the authentication scheme and radius-server template under the authentication-profile, and delete the access-domain under the authentication-profile, add the configuration authentication-scheme xxxx.

This post was last edited by Skay at 2018-09-12 09:18.
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top