aaa query-user

aaa query-user <auth-server> <user-name> <mac-address>

Description

Troubleshoot an authentication failure by verifying that the user exists in the authentication server database. If the Admin-DN binds successfully but the wireless user fails to authenticate, issue this command to troubleshoot whether the problem is with the wireless network, the managed device, or the authentication server. The aaa query-user <auth_server> <username> <mac-address> command to make the managed device sends a search query to find the user. If that search fails in spite of the user being in the server database, it is most probable that the base DN where the search was started was not correct. In such case, it is advisable to make the base DN at the root of the authentication server tree.

Parameter

Description

<auth-server>

Name of a configured authentication server.

<user-name>

Name of a user whose authentication record you want to view.

<mac-address>

MAC address of the client.

Example

The example below shows part of the output for an LDAP record for the username JDOE.

(host) [mynode] #aaa query-user eng JDOE

(host) [mynode] #objectClass: top

(host) [mynode] #objectClass: person

(host) [mynode] #objectClass: organizationalPerson

(host) [mynode] #objectClass: user

(host) [mynode] #cn: John Doe

(host) [mynode] #sn: Doe

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012H\011\333K

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012]\350\346F

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\023\001\017\240

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\031\224/\030

(host) [mynode] #userCertificate: 0\202\005~0\202\004f\240\003\002\001\002\002\012\031\223\246\022

(host) [mynode] #userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\037\177\374\305

(host) [mynode] #givenName: JDE

(host) [mynode] #distinguishedName: CN=John Doe,CN=Users,DC=eng,DC=net

(host) [mynode] #instanceType: 4

(host) [mynode] #whenCreated: 20060516232817.0Z

(host) [mynode] #whenChanged: 20081216223053.0Z

(host) [mynode] #displayName: John Doe

(host) [mynode] #uSNCreated: 24599

(host) [mynode] #memberOf: CN=Cert_Admins,CN=Users,DC=eng,DC=net

(host) [mynode] #memberOf: CN=ATAC,CN=Users,DC=eng,DC=net

(host) [mynode] #uSNChanged: 377560

(host) [mynode] #department: eng

(host) [mynode] #name: John Doe

...

Command History

Release

Modification

AOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Enable mode on Mobility Conductor.