< Home

A User Fails to Pass RADIUS Authentication When the Entered User Name Does Not Contain a Domain Name

Fault Description

When a user enters a user name that does not contain a domain name for RADIUS authentication, the user cannot be authenticated.

Common Causes

If a user is authenticated in the global default domain (for which RADIUS authentication is not configured) and enters a user name without the domain name, the user cannot be authenticated.

Global default domains include:
  • default_admin: For administrators who log in through Telnet, SSH, FTP, HTTP, or console port
  • default: For common users who log in through MAC, Portal, 802.1X, or PPP authentication

Procedure

Ensure that the domain configured for RADIUS authentication is the same as the domain used for user authentication. You can use one of the following methods:
  • As an administrator, configure the domain for RADIUS authentication as the global default domain.
    • If the user that failed authentication is an administrator, run the domain domain-name admin command in the system view.
    • If the user that failed authentication is a common user, run the domain domain-name command in the system view.
  • As an administrator, configure RADIUS authentication in the global default domain.
    • If the user that failed authentication is an administrator, configure RADIUS authentication in default_admin.
    • If the user that failed authentication is a common user, configure RADIUS authentication in default.
  • The user enters a user name containing the RADIUS authentication domain name.
Parent Topic: Troubleshooting AAA
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic