Web-auth - CHAP with Microsoft IAS

Unanswered Question
Scott Fella Tue, 02/10/2009 - 07:00

I haven't tried it, but do you have CHAP enabled on the IAS box? If not then this is how you enable it if you don't have it enabled already.


To enable authentication protocols

Open Routing and Remote Access.


Right-click the server name for which you want to enable authentication protocols, and then click Properties.


On the Security tab, click Authentication Methods.


In the Authentication Methods dialog box, select the appropriate check boxes for the authentication protocols that the remote access server will use to authenticate remote clients, and then click OK.



Yes, I have enabled CHAP in both Routing and Remote Access AND the IAS remote access profile properties but still get an Access-Reject Msg.



Output from debug aaa all enable:


00:1d:e0:0b:c5:dd Successful transmission of Authentication Packet (id 57) to 10.2.13.134:1812, proxy state 00:1d:e0:0b:c5:dd-00:01

Tue Feb 10 08:59:21 2009: 00000000: 01 39 00 81 b4 4b 73 c1 dd c7 92 a4 31 0a c2 5a .9...Ks.....1..Z

Tue Feb 10 08:59:21 2009: 00000010: c6 25 65 37 01 0a 73 6a 6f 68 6e 73 6f 6e 3c 12 .%e7..sjohnson<.

Tue Feb 10 08:59:21 2009: 00000020: 19 30 41 07 89 3c 39 c5 eb a2 08 13 7c a0 21 cb .0A..<9.....|.!.

Tue Feb 10 08:59:21 2009: 00000030: 03 13 04 a6 7e 93 19 42 92 ae cd d8 94 1e 0d e0 ....~..B........

Tue Feb 10 08:59:21 2009: 00000040: 0b 95 d0 06 06 00 00 00 01 04 06 c0 a8 64 0a 20 .............d..

Tue Feb 10 08:59:21 2009: 00000050: 05 57 4c 43 1a 0c 00 00 37 63 01 06 00 00 00 01 .WLC....7c......

Tue Feb 10 08:59:21 2009: 00000060: 1f 11 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 30 ..192.168.100.10

Tue Feb 10 08:59:21 2009: 00000070: 36 1e 10 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 6..192.168.100.1

Tue Feb 10 08:59:21 2009: 00000080: 30 0

Tue Feb 10 08:59:21 2009: 00000000: 03 39 00 14 fc a7 d6 13 84 af 26 34 b4 a0 39 29 .9........&4..9)

Tue Feb 10 08:59:21 2009: 00000010: c3 d9 ed 5c ...\

Tue Feb 10 08:59:21 2009: ****Enter processIncomingMessages: response code=3

Tue Feb 10 08:59:21 2009: ****Enter processRadiusResponse: response code=3

Tue Feb 10 08:59:21 2009: 00:1d:e0:0b:c5:dd Access-Reject received from RADIUS server 10.2.13.134 for mobile 00:1d:e0:0b:c5:dd receiveId = 0

Tue Feb 10 08:59:21 2009: 00:1d:e0:0b:c5:dd Returning AAA Error 'Authentication Failed' (-4) for mobile 00:1d:e0:0b:c5:dd

Tue Feb 10 08:59:21 2009: AuthorizationResponse: 0x36bf7880

Tue Feb 10 08:59:21 2009: structureSize................................28

Tue Feb 10 08:59:21 2009: resultCode...................................-4

Tue Feb 10 08:59:21 2009: protocolUsed.................................0xffffffff

Tue Feb 10 08:59:21 2009: proxyState...................................00:1D:E0:0B:C5:DD-00:00

Tue Feb 10 08:59:21 2009: Packet contains 0 AVPs:

Tue Feb 10 08:59:21 2009: Authentication failed for sjohnson
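
Added example, not part of the original posts or of any Cisco or Microsoft tool: the two hex dumps in the debug output above are complete RADIUS packets, and decoding them shows which credential attribute the WLC actually sent and that the Access-Reject came back with no attributes. The byte strings are transcribed from the dump; the function and constant names are this example's own.

```python
import struct

# Bytes transcribed from the "debug aaa all enable" hex dump in the post above.
ACCESS_REQUEST = bytes.fromhex(
    "01 39 00 81 b4 4b 73 c1 dd c7 92 a4 31 0a c2 5a"
    "c6 25 65 37 01 0a 73 6a 6f 68 6e 73 6f 6e 3c 12"
    "19 30 41 07 89 3c 39 c5 eb a2 08 13 7c a0 21 cb"
    "03 13 04 a6 7e 93 19 42 92 ae cd d8 94 1e 0d e0"
    "0b 95 d0 06 06 00 00 00 01 04 06 c0 a8 64 0a 20"
    "05 57 4c 43 1a 0c 00 00 37 63 01 06 00 00 00 01"
    "1f 11 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 30"
    "36 1e 10 31 39 32 2e 31 36 38 2e 31 30 30 2e 31"
    "30")
ACCESS_REPLY = bytes.fromhex(
    "03 39 00 14 fc a7 d6 13 84 af 26 34 b4 a0 39 29 c3 d9 ed 5c")

# Attribute numbers from RFC 2865 / RFC 2869 (79 = EAP-Message).
NAMES = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password",
         4: "NAS-IP-Address", 6: "Service-Type", 26: "Vendor-Specific",
         30: "Called-Station-Id", 31: "Calling-Station-Id",
         32: "NAS-Identifier", 60: "CHAP-Challenge", 79: "EAP-Message"}

def parse_radius(pkt):
    """Return (code, identifier, authenticator, [(type, value), ...])."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is type(1) + length(1) + value; length covers all three.
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return code, ident, pkt[4:20], attrs

def auth_method(attrs):
    """Classify the request by which credential attribute the NAS sent."""
    types = {t for t, _ in attrs}
    for atype, label in ((3, "CHAP"), (2, "PAP"), (79, "EAP")):
        if atype in types:
            return label
    return "unknown"

if __name__ == "__main__":
    code, ident, _, attrs = parse_radius(ACCESS_REQUEST)
    print("code=%d id=%d method=%s" % (code, ident, auth_method(attrs)))
    for atype, value in attrs:
        print("  %-18s len=%d" % (NAMES.get(atype, atype), len(value)))
```

The request decodes as code 1 (Access-Request), id 57, with CHAP-Challenge and CHAP-Password present; the reply is code 3 (Access-Reject), id 57, with no attributes, matching the "Packet contains 0 AVPs" line in the debug.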

Scott Fella Tue, 02/10/2009 - 10:52

Do you have a guest anchor wlc or a stand alone wlc?

jasonhumes Tue, 02/10/2009 - 11:33

Hi

I'm trying to get WebAuth working, period, with IAS 2003. Can you provide me with an example of the policy you created on the IAS server? I have it set for 'time of day' and 'user is a member of group x' and left everything else default, yet all my web users are being rejected. Is there something else you had to do to get this working, even with PAP? (We do not care about encryption as this is a public access network.) Thanks very much.


J

jasonhumes Wed, 02/25/2009 - 08:18