WLC Web-auth fail with external RADIUS server

Unanswered Question
Jul 4th, 2007
User Badges:

I follow step by step the link bellow to configure web-auth with external RADIUS server but I receive a error on console debug of the WLC "Returning AAA Error No Server (-7) for mobile"

My Radius Server is fine, because I can authenticate on WLC Web page with RADIUS user.

WLC 4402 version 4.1.171.0

http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a0080706f5f.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
exploit canaltp Wed, 10/26/2011 - 02:22
User Badges:

Hi,


I am having some issues when I try to authenticate an AD account against a NAP Radius Server on Windows 2008.

In fact, I own a WLC 2106 and I configured it to authenticate users againts a radius Server with Active Directory. I set the Web Radius Authentication to CHAP on the controller tab from the WLC 2106 and i am getting the error below  

: Authentication failed for gcasanova. When I set the controller to  Web Radius Authentication to PAP, everything is working fine. I am able to connect to through the controller using an AD Account. But my purpose is not use PAP which is an unsecure protocol since password are sent as plaintext on the network.


Can someone tell me what's wrong?



*radiusTransportThread: Oct 26 11:02:13.975:    proxyState......................                                                                                                 .............00:24:D7:40:E5:00-00:00

*radiusTransportThread: Oct 26 11:02:13.975:    Packet contains 0 AVPs:

*emWeb: Oct 26 11:02:13.977: Authentication failed for gcasanova
*aaaQueueReader: Oct 26 11:02:29.985: AuthenticationRequest: 0xb6564634


*aaaQueueReader: Oct 26 11:02:29.985:   Callback.....................................0x8576720

*aaaQueueReader: Oct 26 11:02:29.985:   protocolType.................................0x00000001

*aaaQueueReader: Oct 26 11:02:29.985:   proxyState...................................00:24:D7:40:E5:00-00:00

*aaaQueueReader: Oct 26 11:02:29.986:   Packet contains 11 AVPs (not shown)

*aaaQueueReader: Oct 26 11:02:29.986: apfVapRadiusInfoGet: WLAN(4) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: Oct 26 11:02:29.986: 00:24:d7:40:e5:00 Successful transmission of Authentication Packet (id 86) to 10.2.0.15:1812, proxy state 00:24:d7:40:e5:00-00:00
*aaaQueueReader: Oct 26 11:02:29.987: 00000000: 01 56 00 9a 8e 48 e7 20  1d ef be 29 e6 3a 61 6d  .V...H.....).:am
*aaaQueueReader: Oct 26 11:02:29.987: 00000010: 2b de 07 24 01 0b 67 63  61 73 61 6e 6f 76 61 3c  +..$..gcasanova<
*aaaQueueReader: Oct 26 11:02:29.987: 00000020: 12 3c ce a0 87 ac df 7a  a5 35 af 7c ef 83 c7 58  .<.....z.5.|...X
*aaaQueueReader: Oct 26 11:02:29.987: 00000030: ed 03 13 28 a7 5a 0d 26  6d ab 49 ea da 7c 5a 8e  ...(.Z.&m.I..|Z.
*aaaQueueReader: Oct 26 11:02:29.987: 00000040: 1d 94 70 69 06 06 00 00  00 01 04 06 0a 02 00 06  ..pi............
*aaaQueueReader: Oct 26 11:02:29.987: 00000050: 05 06 00 00 00 01 20 0a  50 41 52 2d 57 4c 43 31  ........PAR-WLC1
*aaaQueueReader: Oct 26 11:02:29.987: 00000060: 3d 06 00 00 00 13 1a 0c  00 00 37 63 01 06 00 00  =.........7c....
*aaaQueueReader: Oct 26 11:02:29.988: 00000070: 00 04 1f 0c 31 30 2e 32  2e 30 2e 31 35 36 1e 0a  ....10.2.0.156..
*aaaQueueReader: Oct 26 11:02:29.988: 00000080: 31 30 2e 32 2e 30 2e 36  50 12 7f 86 5a c5 61 ad  10.2.0.6P...Z.a.
*aaaQueueReader: Oct 26 11:02:29.988: 00000090: af 54 fa fa 42 e7 f6 16  9e 10                    .T..B.....
*radiusTransportThread: Oct 26 11:02:29.988: 00000000: 03 56 00 14 a9 10 07 84  83 00 87 83 b9 10 64 e1  .V............d.
*radiusTransportThread: Oct 26 11:02:29.988: 00000010: 66 b3 c5 5e                                       f..^
*radiusTransportThread: Oct 26 11:02:29.988: ****Enter processIncomingMessages: response code=3

*radiusTransportThread: Oct 26 11:02:29.988: ****Enter processRadiusResponse: response code=3

*radiusTransportThread: Oct 26 11:02:29.988: 00:24:d7:40:e5:00 Access-Reject received from RADIUS server 10.2.0.15 for mobile 00:24:d7:40:e5:00 receiveId = 0
*radiusTransportThread: Oct 26 11:02:29.989: 00:24:d7:40:e5:00 Returning AAA Error 'Authentication Failed' (-4) for mobile 00:24:d7:40:e5:00
*radiusTransportThread: Oct 26 11:02:29.989: AuthorizationResponse: 0xb97fe774


*radiusTransportThread: Oct 26 11:02:29.989:    structureSize................................32

*radiusTransportThread: Oct 26 11:02:29.989:    resultCode...................................-4

*radiusTransportThread: Oct 26 11:02:29.989:    protocolUsed.................................0xffffffff

*radiusTransportThread: Oct 26 11:02:29.989:    proxyState...................................00:24:D7:40:E5:00-00:00

*radiusTransportThread: Oct 26 11:02:29.989:    Packet contains 0 AVPs:

Actions

This Discussion

 

 

Trending Topics - Security & Network