Web auth + radius + ms-chap

Unanswered Question
Jan 3rd, 2008
User Badges:

I set up a web auth with a radius server. I use IAS as radius server. How can I set up the controller (4402) to use mschap? When I see the IAS logs, the controller is always using PAP.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Wed, 01/09/2008 - 06:24
User Badges:
  • Silver, 250 points or more

Try out the CLI command config custom-web radiusauth on the controller and select the auth type as CHAP. But make sure IA server is configured to accept CHAP.

MouhatNicolas Mon, 01/14/2008 - 08:48
User Badges:

Thanks, I found the option in the WebUI, but I can't set up the IAS to work with CHAP. I have constantly an error about passwords that are not reversible.

dancampb Mon, 01/14/2008 - 18:37
User Badges:
  • Cisco Employee,

The CHAP option for the controller is for CHAP, not MS-CHAP. For IAS to be able to authenticate webauth users you need to change the Radius service type from Framed to Login on the IAS server.

MouhatNicolas Thu, 01/17/2008 - 00:26
User Badges:

I set up the controller and IAS as you said, but I still have the error "A reversibly encrypted password does not exist for this account"

dancampb Fri, 01/18/2008 - 06:41
User Badges:
  • Cisco Employee,

Make sure to change the webauth authentication type back to PAP. The IAS server won't be able to unhash the CHAP password.


This Discussion



Trending Topics - Security & Network