Web-auth - CHAP with Microsoft IAS

Unanswered Question
Scott Fella Tue, 02/10/2009 - 07:00

I haven't tried it, but do you have CHAP enabled on the IAS box? If not then this is how you enable it if you don't have it enabled already.

To enable authentication protocols

Open Routing and Remote Access.

Right-click the server name for which you want to enable authentication protocols, and then click Properties.

On the Security tab, click Authentication Methods.

In the Authentication Methods dialog box, select the appropriate check boxes for the authentication protocols that the remote access server will use to authenticate remote clients, and then click OK.

Yes I have enabled CHAP in both Routing and Remote Access AND the IAS remote access profile properties but still get an Access-Reject Msg.

Output from debug aaa all enable:

00:1d:e0:0b:c5:dd Successful transmission of Authentication Packet (id 57) to 10.2.13.134:1812, proxy state 00:1d:e0:0b:c5:dd-00:01

Tue Feb 10 08:59:21 2009: 00000000: 01 39 00 81 b4 4b 73 c1 dd c7 92 a4 31 0a c2 5a .9...Ks.....1..Z

Tue Feb 10 08:59:21 2009: 00000010: c6 25 65 37 01 0a 73 6a 6f 68 6e 73 6f 6e 3c 12 .%e7..sjohnson<.

Tue Feb 10 08:59:21 2009: 00000020: 19 30 41 07 89 3c 39 c5 eb a2 08 13 7c a0 21 cb .0A..<9.....|.!.

Tue Feb 10 08:59:21 2009: 00000030: 03 13 04 a6 7e 93 19 42 92 ae cd d8 94 1e 0d e0 ....~..B........

Tue Feb 10 08:59:21 2009: 00000040: 0b 95 d0 06 06 00 00 00 01 04 06 c0 a8 64 0a 20 .............d..

Tue Feb 10 08:59:21 2009: 00000050: 05 57 4c 43 1a 0c 00 00 37 63 01 06 00 00 00 01 .WLC....7c......

Tue Feb 10 08:59:21 2009: 00000060: 1f 11 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 30 ..192.168.100.10

Tue Feb 10 08:59:21 2009: 00000070: 36 1e 10 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 6..192.168.100.1

Tue Feb 10 08:59:21 2009: 00000080: 30 0

Tue Feb 10 08:59:21 2009: 00000000: 03 39 00 14 fc a7 d6 13 84 af 26 34 b4 a0 39 29 .9........&4..9)

Tue Feb 10 08:59:21 2009: 00000010: c3 d9 ed 5c ...\

Tue Feb 10 08:59:21 2009: ****Enter processIncomingMessages: response code=3

Tue Feb 10 08:59:21 2009: ****Enter processRadiusResponse: response code=3

Tue Feb 10 08:59:21 2009: 00:1d:e0:0b:c5:dd Access-Reject received from RADIUS server 10.2.13.134 for mobile 00:1d:e0:0b:c5:dd receiveId = 0

Tue Feb 10 08:59:21 2009: 00:1d:e0:0b:c5:dd Returning AAA Error 'Authentication Failed' (-4) for mobile 00:1d:e0:0b:c5:dd

Tue Feb 10 08:59:21 2009: AuthorizationResponse: 0x36bf7880

Tue Feb 10 08:59:21 2009: structureSize................................28

Tue Feb 10 08:59:21 2009: resultCode...................................-4

Tue Feb 10 08:59:21 2009: protocolUsed.................................0xffffffff

Tue Feb 10 08:59:21 2009: proxyState...................................00:1D:E0:0B:C5:DD-00:00

Tue Feb 10 08:59:21 2009: Packet contains 0 AVPs:

Tue Feb 10 08:59:21 2009: Authentication failed for sjohnson
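Added example, not part of the original thread: a small Python decoder for the two RADIUS packets in the debug output above, showing which password attributes the controller actually sent. The names parse_radius and auth_method are hypothetical helpers; the bytes are copied from the dump and the attribute numbers are from RFC 2865.

```python
import struct

# Bytes copied from the "debug aaa all enable" output in the post above.
REQUEST_HEX = """
01 39 00 81 b4 4b 73 c1 dd c7 92 a4 31 0a c2 5a
c6 25 65 37 01 0a 73 6a 6f 68 6e 73 6f 6e 3c 12
19 30 41 07 89 3c 39 c5 eb a2 08 13 7c a0 21 cb
03 13 04 a6 7e 93 19 42 92 ae cd d8 94 1e 0d e0
0b 95 d0 06 06 00 00 00 01 04 06 c0 a8 64 0a 20
05 57 4c 43 1a 0c 00 00 37 63 01 06 00 00 00 01
1f 11 31 39 32 2e 31 36 38 2e 31 30 30 2e 31 30
36 1e 10 31 39 32 2e 31 36 38 2e 31 30 30 2e 31
30
"""
REPLY_HEX = "03 39 00 14 fc a7 d6 13 84 af 26 34 b4 a0 39 29 c3 d9 ed 5c"

# Attribute type numbers from RFC 2865.
ATTRS = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password",
         4: "NAS-IP-Address", 6: "Service-Type", 26: "Vendor-Specific",
         30: "Called-Station-Id", 31: "Calling-Station-Id",
         32: "NAS-Identifier", 60: "CHAP-Challenge"}

def parse_radius(hex_text):
    """Return (code, identifier, {attribute name: value bytes})."""
    pkt = bytes.fromhex(hex_text)
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the captured bytes")
    attrs, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        attrs[ATTRS.get(a_type, f"type-{a_type}")] = pkt[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs

def auth_method(attrs):
    """Name the password protocol the NAS put in an Access-Request."""
    if "CHAP-Password" in attrs:
        return "CHAP"
    return "PAP" if "User-Password" in attrs else "other"

if __name__ == "__main__":
    for name, text in (("request", REQUEST_HEX), ("reply", REPLY_HEX)):
        code, ident, attrs = parse_radius(text)
        print(name, "code", code, "id", ident, auth_method(attrs), sorted(attrs))
```

The request decodes as a CHAP Access-Request (CHAP-Password plus CHAP-Challenge, no User-Password), and the Access-Reject carries no attributes, matching the "Packet contains 0 AVPs" line in the debug, so the reject reason has to be read on the IAS side.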

jasonhumes Tue, 02/10/2009 - 11:33

Hi

I'm trying to get WebAuth working, period, with IAS 2003. Can you provide me with an example of the policy you created on the IAS server? I have it set for 'time of day' and 'user is a member of group x' and left everything else default, yet all my web users are being rejected. Is there something else you had to do to get this working, even with PAP? (we do not care about encryption as this is a public access network). Thanks very much.

J

jasonhumes Wed, 02/25/2009 - 08:18
