Fibre Channel (SAN)

Reply
Occasional Contributor
Boom
Posts: 10
Registered: ‎06-24-2010

authentication failure on local/radius for GUI but working for CLI

Hi all,

I have issue with one of 8510 switches. authentication is failing if I use switch-explorer web GUI.  if I use same credentials  and logon via SSH its working fine.

hbg
New Contributor
hbg
Posts: 4
Registered: ‎02-20-2013

Re: authentication failure on local/radius for GUI but working for CLI

Hi

Did you ever find a solution on your problem?

I've got the exact same problem, just that my 8510 is working, and my DCX isn't.

Contributor
jdaignea
Posts: 57
Registered: ‎08-12-2009

Re: authentication failure on local/radius for GUI but working for CLI

hbg

The element manager (web tools) and cli use the same authentication method / password database. Are you using https and web certificates?

hbg
New Contributor
hbg
Posts: 4
Registered: ‎02-20-2013

Re: authentication failure on local/radius for GUI but working for CLI

Hi

No, I'm not using https.

I'm using Radius user validation. The Radius configuration is equal on the DCX and the 8510.

But now it's strange - did a logon 30 minutes ago without problems, but now I'm unable to logon again. Nothing that I know of has changed in those 30 minutes. Login using CLI still works without any problems.

Another 48000 director also using Radius validation with same configuration as the DCX and 8510, which I was unable to logon to last week, is accepting my logon today.

8510: FOS 7.0.2b

DCX: FOS 7.0.1

48000: FOS 6.4.2b

Contributor
jdaignea
Posts: 57
Registered: ‎08-12-2009

Re: authentication failure on local/radius for GUI but working for CLI

The way you describe the problem sounds to me like a potential ethernet timeout issue between the directors and the radius server. I suggest you check the eth0 (management interface) for ethernet errors (collisions / dropped frames, etc.) This can be done from the cli with the netstat -a -i (if memory serves me correctly.) There was a defect in earlier versions of FOS but that was addressed in the versions you are using here.

hbg
New Contributor
hbg
Posts: 4
Registered: ‎02-20-2013

Re: authentication failure on local/radius for GUI but working for CLI

No errors detected on the ethernet.

Kernel Interface table

Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg

bond0  1500   01579438192      0      0      01621896894      0      0      0 BMmRU

bond0  1500   0     - no statistics available -                        BMmRU

eth0   1500   01579438192      0      0      01621896892      0      0      0 BMsRU

eth1   1500   0117753600      0      0      0118925035      0      0      0 BMRU

eth2   1500   079413467      0      0      079412406      0      0      0 BMRU

eth3   1500   0       0      0      0      0       1      0      0      0 BMOsU

fc0    2024   0       0      0      0      0       0      0      0      0 B

ip6tn  1460   0       0      0      0      0       0      0      0      0 O

lo    16436   0 6406490      0      0      0 6406490      0      0      0 LRU

port0  2112   0       0      0      0      0       0      0      0      0 BMO

sit0   1480   0       0      0      0      0       0      0      0      0 O

And shouldn't it be the same, when I login to CLI? Is the login different when using the WEB?

I have also tried to change the timeout to the Radius server without any luck.

Just checked the log on the Radius server - when using CLI, it connects to the Radius server and validates fine - but no connection is made when I'm trying from WEB? The director does not contact the Radius server at all...?

hbg
New Contributor
hbg
Posts: 4
Registered: ‎02-20-2013

Re: authentication failure on local/radius for GUI but working for CLI

It turned out, that I think we had a hanging process on 2 of our DCX's.

We did a upgrade to FOS 7.0.2b, and the problem is now gone. We are now able to login using WebTools.

Thanks for your effort in trying to help me out.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.