Authentication with MS-IAS / AD

Unanswered Question
Jun 28th, 2010

I'm trying to control the access of my LAN by authenticate user with EAP / MSIAS + AD.

The IAS denied the access with error 112: The remote RADIUS server did not process the authentication request.

I setup the IAS policy to answer with vendor specific 64:"VLAN", 65:802, 81:10

Is somebody already acheive to use MS-IAS Radius authentication with a Cisco switch 2960

Mon Jun 28 12:22:49 2010: <191>4105: Jun 28 12:22:49.122 UTC+1: RADIUS(00000098): Send Access-Request to 10.221.136.14:1645 id 1645/56, len 211
Mon Jun 28 12:22:49 2010: <191>4106: Jun 28 12:22:49.122 UTC+1: RADIUS:  authenticator 91 EC 87 87 89 0E AF 79 - 76 CE 5A 61 ED 1A D7 AC
Mon Jun 28 12:22:49 2010: <191>4107: Jun 28 12:22:49.122 UTC+1: RADIUS:  User-Name           [1]   17  "EUROPE\ParisAdm"
Mon Jun 28 12:22:49 2010: <191>4108: Jun 28 12:22:49.122 UTC+1: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Mon Jun 28 12:22:49 2010: <191>4109: Jun 28 12:22:49.122 UTC+1: RADIUS:  Framed-MTU          [12]  6   1500                     
Mon Jun 28 12:22:49 2010: <191>4110: Jun 28 12:22:49.122 UTC+1: RADIUS:  Called-Station-Id   [30]  19  "00-24-51-55-47-84"
Mon Jun 28 12:22:49 2010: <191>4111: Jun 28 12:22:49.122 UTC+1: RADIUS:  Calling-Station-Id  [31]  19  "00-14-22-BF-46-40"
Mon Jun 28 12:22:49 2010: <191>4112: Jun 28 12:22:49.122 UTC+1: RADIUS:  EAP-Message         [79]  22 
Mon Jun 28 12:22:49 2010: <191>4113: Jun 28 12:22:49.122 UTC+1: RADIUS:   02 02 00 14 01 45 55 52 4F 50 45 5C 50 61 72 69 73 41 64 6D   [ EUROPE\ParisAdm]
Mon Jun 28 12:22:49 2010: <191>4114: Jun 28 12:22:49.122 UTC+1: RADIUS:  Message-Authenticato[80]  18 
Mon Jun 28 12:22:49 2010: <191>4115: Jun 28 12:22:49.122 UTC+1: RADIUS:   27 E9 35 4C C3 69 99 B0 1B D9 3A 08 84 C0 71 E4            [ '5Li:q]
Mon Jun 28 12:22:49 2010: <191>4116: Jun 28 12:22:49.122 UTC+1: RADIUS:  Vendor, Cisco       [26]  49 
Mon Jun 28 12:22:49 2010: <191>4117: Jun 28 12:22:49.122 UTC+1: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A8FE030000006B13A4833C"
Mon Jun 28 12:22:49 2010: <191>4118: Jun 28 12:22:49.122 UTC+1: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
Mon Jun 28 12:22:49 2010: <191>4119: Jun 28 12:22:49.122 UTC+1: RADIUS:  NAS-Port            [5]   6   50004                    
Mon Jun 28 12:22:49 2010: <191>4120: Jun 28 12:22:49.122 UTC+1: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/4"
Mon Jun 28 12:22:49 2010: <191>4121: Jun 28 12:22:49.122 UTC+1: RADIUS:  NAS-IP-Address      [4]   6   192.168.254.3            
Mon Jun 28 12:22:50 2010: <191>4122: Jun 28 12:22:49.206 UTC+1: RADIUS: Received from id 1645/56 10.221.136.14:1645, Access-Reject, len 20
Mon Jun 28 12:22:50 2010: <191>4123: Jun 28 12:22:49.206 UTC+1: RADIUS:  authenticator CC 28 1A 22 28 32 F2 27 - 79 1F 2B 01 32 C5 AD BC
Mon Jun 28 12:22:50 2010: <191>4124: Jun 28 12:22:49.206 UTC+1: RADIUS(00000098): Received from id 1645/56
Mon Jun 28 12:22:52 2010: <187>4125: Jun 28 12:22:50.842 UTC+1: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up

Thx for your help

Pascal

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion