You are here: Home > CLI Commands > Just_CLI_Topics > aaa query-user

aaa query-user

aaa query-user <auth-server> <user-name> <mac-address>

Description

Troubleshoot an authentication failure by verifying that the user exists in the authentication server database.

Syntax

Parameter

Description

<auth-server>

Name of a configured authentication server.

<user-name>

Name of a user whose authentication record you want to view.

<mac-address>

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address of the client.

Usage Guidelines

If the Admin-DNDistinguished Name. A series of fields in a digital certificate that, taken together, constitute the unique identity of the person or device that owns the digital certificate. Common fields in a DN include country, state, locality, organization, organizational unit, and the “common name”, which is the primary name used to identify the certificate. binds successfully but the wireless user fails to authenticate, issue this command to troubleshoot whether the problem is with the wireless network, the managed device, or the authentication server. The aaa query-user <auth_server> <username> <mac-address> command to make the managed device sends a search query to find the user. If that search fails in spite of the user being in the server database, it is most probable that the base DNDistinguished Name. A series of fields in a digital certificate that, taken together, constitute the unique identity of the person or device that owns the digital certificate. Common fields in a DN include country, state, locality, organization, organizational unit, and the “common name”, which is the primary name used to identify the certificate. where the search was started was not correct. In such case, it is advisable to make the base DNDistinguished Name. A series of fields in a digital certificate that, taken together, constitute the unique identity of the person or device that owns the digital certificate. Common fields in a DN include country, state, locality, organization, organizational unit, and the “common name”, which is the primary name used to identify the certificate. at the root of the authentication server tree.

Example

The example below shows part of the output for an LDAPLightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network. record for the username JDOE.

(host) [mynode] #aaa query-user eng JDOE

(host) [mynode] #objectClass: top

(host) [mynode] #objectClass: person

(host) [mynode] #objectClass: organizationalPerson

(host) [mynode] #objectClass: user

(host) [mynode] #cn: John Doe

(host) [mynode] #sn: Doe

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012H\011\333K

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012]\350\346F

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\023\001\017\240

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\031\224/\030

(host) [mynode] #userCertificate: 0\202\005~0\202\004f\240\003\002\001\002\002\012\031\223\246\022

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\037\177\374\305

(host) [mynode] #givenName: JDE

(host) [mynode] #distinguishedName: CN=John Doe,CN=Users,DC=eng,DC=net

(host) [mynode] #instanceType: 4

(host) [mynode] #whenCreated: 20060516232817.0Z

(host) [mynode] #whenChanged: 20081216223053.0Z

(host) [mynode] #displayName: John Doe

(host) [mynode] #uSNCreated: 24599

(host) [mynode] #memberOf: CN=Cert_Admins,CN=Users,DC=eng,DC=net

(host) [mynode] #memberOf: CN=ATAC,CN=Users,DC=eng,DC=net

(host) [mynode] #uSNChanged: 377560

(host) [mynode] #department: eng

(host) [mynode] #name: John Doe

...

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Enable mode on Mobility Master.

/*]]>*/