2003 Microsoft IAS Radius with AAA configs

Unanswered Question
Sep 26th, 2007

Radius AAA works great until I have to change my windows password

(ie every 180 days). After changing password, I cannot access routers or switches.

The workaround is to reset my password back to the original password.

How do I get around this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gmarogi Wed, 10/03/2007 - 18:08

Send the following information from your IAS server to proceed for further troubleshooting.

1. Are you using any 802.1x/EAP authentication?

2. Send me the router/switch configurations relevant to AAA

3. Capture debug aaa authentication on your router/switch and send me the entire debug output captured. Based on that only, I can understand what is actually happening during the failed authentication.

Jagdeep Gambhir Fri, 10/05/2007 - 11:41

Hi,

If you are using telnet then that is not supported as telnet uses PAP and password expiry is not supported by PAP (we need mschapv2)

.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be using a RADIUS client/supplicant that supports changing passwords by using Microsoft-Challenge Authentication Handshake Protocol (MS-CHAP).

You can use this to change your password,

http://www.greyware.com/software/domainpassword/

Hope that helps

Regards,

~JG

Actions

This Discussion

 

 

Trending Topics - Security & Network