HP 635n HP Jetdirect Print Servers - How to Use 802.1X on HP Jetdirect Print S - Page 78

Server Authentication Problem

Get HP 635n - JetDirect IPv6/IPsec Print Server PDF manuals and user guides
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals

Page 78 highlights

Here we see that an EAP request for identity is made via the Authenticator (packet 6). Jetdirect returns a response (packet 7) and then the Authenticator returns an EAP failure (packet 8). The first thing to check in this failure mode is the 802.1X User Name on Jetdirect. The Authentication Server does not recognize the user name that Jetdirect is sending back. That one was easy. Server Authentication Problem Once the EAP identity has been verified, the next step for both EAP-TLS and PEAP is to verify that the authentication server is valid. This validation is done through checking the Server Certificate. Two fields are vitally important in Jetdirect's configuration: The server ID field in the 802.1X configuration and the CA Certificate installed on Jetdirect. Here we can see that the server authentication failed. We see clearly from the log that the server ID field of JD does not match the subject name of the certificate. Let's look at different failure, but still a server authentication issue: 78

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
78
Here we see that an EAP request for identity is made via the Authenticator (packet 6).
Jetdirect
returns a response (packet 7) and then the Authenticator returns an EAP failure (packet 8).
The first
thing to check in this failure mode is the 802.1X User Name on Jetdirect.
The Authentication Server
does not recognize the user name that Jetdirect is sending back.
That one was easy.
Server Authentication Problem
Once the EAP identity has been verified, the next step for both EAP-TLS and PEAP is to verify that the
authentication server is valid.
This validation is done through checking the Server Certificate.
Two
fields are vitally important in Jetdirect’s configuration:
The server ID field in the 802.1X configuration
and the CA Certificate installed on Jetdirect.
Here we can see that the server authentication failed.
We see clearly from the log that the server ID
field of JD does not match the subject name of the certificate.
Let’s look at different failure, but still a
server authentication issue: