Minor Alarm in AerohiveNG: The module auth cannot get the user profile for attribute 11

  • 1
  • Question
  • Updated 3 years ago
I have a lot of alarms like this: The module auth cannot get the user profile for attribute 11
I deep into the AP log an I see the following message:

err ah_auth: ah_auth_get_usrpro_vlan: Get vlan group by upid(11) failed: Resource temporarily unavailable

I don't know what could be the problem

Any Idea?

thanks!
Photo of Joan

Joan

  • 16 Posts
  • 1 Reply Like

Posted 3 years ago

  • 1
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
It sounds like one of the LUser groups you have assigned to your SSID is returning an attribute number for which you have not defined a corresponding user profile attribute.

Do you have more than one PPSK user group defined for your SSID?
Photo of Joan

Joan

  • 16 Posts
  • 1 Reply Like
This SSID is configured with WPA/WPA2 802.1x whit an external radius (Microsoft NAP)
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
Can you post a screenshot of your network policy screen? 
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Joan,

Can you also post the output of "show memory detail" and "show version detail"?

For 802.1X, I suggest that you use the Filter-Id attribute to assign user profiles as it is standards based:

 .

There's a discussion here that is likely to be relevant on the RADIUS attributes to return:

https://community.aerohive.com/aerohive/topics/radius-nps-server-configurations

Regards,

Nick
(Edited)
Photo of Joan

Joan

  • 16 Posts
  • 1 Reply Like
The SSID associated to vlan11 is RJ_Corporate

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Memory usage and the version you're running are both fine. Just wanted to check! :)

You likely have an error in your configuration that is causing the user profile attribute 11 to not be mappable.

Does a User Profile with attribute number 11 first exist?

You should see something like this:




Is it referenced by the Network Policy under Guided Configuration, 2 - Configure Interfaces and User Access, SSIDs?

This is what the UI shows when a profile is referenced/linked:


(Have you also considered configuring all your SSIDs to be WPA2 only with AES?)
Photo of Joan

Joan

  • 16 Posts
  • 1 Reply Like
Ups, I thing the problem can be in user profile Attribute.
But the question is: how can i change it in HiveManagerNG? there is no option in user profile settings.... (I can only spcify the vlan number)

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Oops! Sorry, I completely missed that you were using HM-NG despite you mentioning it in the title - mental block, my bad... :(

You do this here via an Assignment Rule that is associated to a User Profile via a RADIUS Attribute condition:



So, under User Access Settings for the SSID, look at the Assignment Rules column.
(Edited)
Photo of Joan

Joan

  • 16 Posts
  • 1 Reply Like
Thanks for your reply...
I can't find this option (I was used to the old environment),,, I don't see wher is User Profile assignment

thank you very much for your patience
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
It's under User Access settings for the SSID where it says Assignment Rules after you toggle the option to "Apply a different User Profile to various clients and user groups":



Add/associate an Assignment Rule and configure it appropriately.
(Edited)
Photo of Joan

Joan

  • 16 Posts
  • 1 Reply Like
Great!
Thanks it was not configured.
I just put this option and wait until tomorrow....

thank you very much!