ACS 4.2 VPN auth with Iphone

Unanswered Question
Sep 14th, 2009

Authentication failes with message:

ACS MSCHAP password is invalid.

Group auth works perfect.

This problem only occurs when the local ACS User has an \ in the username


The auth works perfect with the same password and the Username user123 without Domain.

The problem occurs with ACS internal Database and with Windows Database configured for the Users123's Password Authentication

Can anybody help with this?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Fri, 09/18/2009 - 09:51

The error message you see implies that the user's entry is set to authenticate to the ACS itself and the MS-CHAP password defined within ACS is not defined correctly.

Check under the user setup what the "password authentication" dropdown is set to. Is it set to "ACS Internal database"? This is likely why you are seeing this error - it should instead list "Windows Database".

make sure ACS presently supports MS-CHAP version 1. ACS versions 3.0 and later support MS-CHAP versions 1 and 2.

rvopel Wed, 09/23/2009 - 06:01

Hello mchin345,

thank for your answer.

1) The password authentication is set to "Windows Database"

2) The ACS is set to MS-CHAP Version 1 and 2.

The authentication works with a User Example1:

PaulMeyer but not the the same User settings with the User named



With a user who has a \ in the username it doesn't work!

This is strange but several times verified.

Other ideas?


This Discussion