ACS 4.2 - Radius stops authenticating - shared secret missing!?

Aug 9th, 2009

Have had an ACS 4.2 solution installed across 2 servers (master/slave), everything working fine with devices using it for both RADIUS and TACACS+ authentication. This week, however, I have had an issue with a network group that uses RADIUS, as switches (Nortel) can no longer authenticate. On closer inspection, firstly the shared secret entry has disappeared; if I re-enter and submit/apply it, it's still not there when you query the network interface configuration. I know that the basics of the ACS work, as other devices (PIX, ASA) that use TACACS+ are authenticating fine and that the problem is isolated to RADIUS, as another network device (AS5300) has the same issue. This started to happen at the end of last week and I found the service CSRadius had stopped on the server. It was restarted and that solved the problem; however, the problem has happened again and this time the relevant services are running.

The only change to the configuration has been additional subnets added to the network interface in question, maybe there's a limit to how many subnets one interface is allowed?

darpotter Mon, 08/10/2009 - 04:10

First easy test would be to back off the recent config changes and see if you can get back to a working setup.

Then you can add mods one at a time to isolate what breaks it.

Does sound like something is breaking the radius server. You'll probably need to set logging to max, make the error happen then create a package.cab and open a TAC case.

JDiTomaso Mon, 08/10/2009 - 05:48

A clear out has been done, with the network interface re-created, with everything working fine. It's one of those faults that has happened with no changes made to the ACS; nothing in the logs suggests there's a problem caused by a change. The DB replication to the secondary ACS is fine. I believe if this happens again, a TAC case will be logged.

It's just interesting to see the shared secret 'disappear' and I wondered if anyone else has had this happen to them and what was the cause.
