2003 Microsoft IAS Radius with AAA configs

Unanswered Question
Sep 26th, 2007
User Badges:
  • Bronze, 100 points or more

Radius AAA works great until I have to change my windows password

(ie every 180 days). After changing password, I cannot access routers or switches.

The workaround is to reset my password back to the original password.


How do I get around this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gmarogi Wed, 10/03/2007 - 18:08
User Badges:
  • Bronze, 100 points or more

Send the following information from your IAS server to proceed for further troubleshooting.

1. Are you using any 802.1x/EAP authentication?

2. Send me the router/switch configurations relevant to AAA

3. Capture debug aaa authentication on your router/switch and send me the entire debug output captured. Based on that only, I can understand what is actually happening during the failed authentication.

Jagdeep Gambhir Fri, 10/05/2007 - 11:41
User Badges:
  • Red, 2250 points or more

Hi,

If you are using telnet then that is not supported as telnet uses PAP and password expiry is not supported by PAP (we need mschapv2)


.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be using a RADIUS client/supplicant that supports changing passwords by using Microsoft-Challenge Authentication Handshake Protocol (MS-CHAP).


You can use this to change your password,


http://www.greyware.com/software/domainpassword/


Hope that helps


Regards,

~JG

Actions

This Discussion

 

 

Trending Topics - Security & Network