Network Topology
Topology
Problem Description
A site reported that the ADCampus (virtual machine deployment) user dot1x authentication failed, and the iNode client showed that the connection failed.
Process Analysis
The ADCampus packet capture shows that there is only one access request packet from a device to the Campus, and no response to the leaf device's access-accept packet.
In the debug level log of the ADEIA component, the relevant error is seen as:
%% 2021-11-19 11:45:05.217 ; [ERR] ; [7936] ; radEnt ; chkMsgAttr: Invalid Msg-Authenticator received from 192.168.40.2。
After communicating with IMC experts, they reported that this error was a verification error. Check whether the RADIUS KEY configured on the device is consistent with the access device secret key on the EIA.
But we confirm that the shared key (12345) between the device and the EIA side has been reconfigured and is consistent.
In business parameter configuration-system configuration-system parameter configuration, change the "key display mode" to plain text, and then look at the shared key value corresponding to 192.168.40.2 in the access device on the iMC.
So collected the clients files in the iMC/uam/etc directory for IMC EIA R&D.
Solution
R&D feedback needs to replace relevant EIA documents attached to solve the problem of Invalid Msg-Authenticator
1. Stop the uam process in the monitoring agent
2. Back up uam.exe, libeay32.dll, and ssleay32.dll in the iMC/uam/bin directory, and then copy the files in the compressed package to this directory
3. Restart the uam process in the monitoring agent
After the file is replaced, the on-site problem is solved and the authentication is successful.