1400 Bridge and ACS

Unanswered Question
Dec 21st, 2008

Hi

I've configured 2 1400 bridges with the basic settings and have them working fine using EAP and the local Radius Server,...I now introduced an ACS and have the Root Bridge setup as a AAA client. the ACS is mapped to a external user database group in AD,the user is setup and communication between the root bridge, ACS, and AD is fine, but when the non-root bridge goes to acs to auth it locks up the AD account with multiple bad pswds. From the ACS yo can see the user in the failed auth with bad password ..From what I can see I'm missing something with the credentials,.the passwords are identical but I think its encrypting it when the non-root sends it to the ACS.

there is limited documentation (none) for step by step for EAP auth with a ACS radius server.

What am I missing?

thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Loading.
didyap Fri, 12/26/2008 - 11:40

Complete these steps in order to troubleshoot your configuration.

1. In the client-side utility or software, create a new profile or connection with the same or similar parameters in order to ensure that nothing has become corrupted in the configuration of the client.

2. In order to eliminate the possibility of RF issues that prevent successful authentication, temporarily disable authentication as shown in these steps:

o From the CLI, use the commands no authentication open eap eap_methods, no authentication network-eap eap_methods and authentication open.

o From the GUI, on the SSID Manager page, un-check Network-EAP, check Open, and set the dropdown list back to No Addition.

If the client successfully associates, then RF does not contribute to the association problem.

3. Verify that shared secret passwords are synchronized between the access point and the authentication server. Otherwise, you can receive this error message:

Invalid message authenticator in EAP request

o From the CLI, check the line radius-server host x.x.x.x auth-port x acct-port x key .

o From the GUI, on the Server Manager page, re-enter the shared secret for the appropriate server in the box labelled "Shared Secret."

The shared secret entry for the access point on the RADIUS server must contain the same shared secret password as those previously mentioned.

4. Remove any user groups from the RADIUS server. Sometimes conflicts can occur between user groups defined by the RADIUS server, and user groups in the underlying domain. Check the logs of the RADIUS server for failed attempts, and the reasons those attempts failed.

siscospin Mon, 12/29/2008 - 08:19

Sorry,..maybe I wasn't clear,..troubleshooting was done it works with a local Radius but not with ACS 4.1.

This is a non-root bridge that needs to authenticate. Shared secret,..RF,..all that is fine. the problem is that the non-root bridge is sending an encrypted password but not sure where on ACS I have to put the matching settings.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode