Trace tools 409

A user fails to connect to the Nortel SNAS domain

The following are common reasons why a user may have difficulty
authenticating to the Nortel SNAS domain or why a client connection
cannot be established.
The user name or password is wrong.
The configured authentication server cannot be reached.
The group name retrieved from the authentication server does not exist
on the Nortel SNAS.
Trace tools Use the /maint/starttrace command to trace the different steps
involved in a specific process, such as authorization.
>> Main# maint/starttrace
Enter tags (list of all,aaa,dhcp,dns,ssl,tg,snas,patchlink,ra
dius,nap) [all]: aaa,ssl
Enter Domain (or 0 for all Domains) [0]:
Output mode (interactive/tftp/ftp/sftp) [interactive]:
For more information about the starttrace command, the tags you can
specify for the trace, and the available output modes, see “Performing
maintenance” (page 353).
Table 63 "Sample output for the trace command" (page 409) shows
sample output for the various tags.
Table 63
Sample output for the trace command
Tag Description Sample output
aaa Logs authentication
method, user
name, group, and
profile
>> Maintenance#
12:54:08.875111: Trace started
12:54:28.834571 10.1.82.145 (1) aaa: "local user db
Accept 1:john with groups ["trusted"]"
12:54:28.835144 10.1.82.145 (1) aaa: "final groups
for user: john groups: trusted:<base> "
12:54:29.917926 10.1.82.145 (1) aaa: "new groups for
user: john groups: trusted:<base> "
dns Logs failed DNS
lookups made
during a session
>> Maintenance#
13:00:09.868682 10.1.82.145 (1) dns: "Failed to
lookup www.example.com in DNS (DNS domain name does
not exist)"
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007,2008 NortelNetworks
.