ASA5500 V8.2 integration with IAS and etoken pass

Unanswered Question
Aug 2nd, 2010

Hi,

I need help or direction to a document which can assist me in solving the issue below:

1). Authentication to IAS with OTP.

2). AV Pairs for Cisco ASA.

In brief I have Radius via IAS, authentication working with the standard username and password from AD.

When I implement the OTP feature, I receive the error "username or password not valid", as per the below:

Event Type:    Warning
Event Source:    IAS
Event Category:    None
Event ID:    2
Date:        8/1/2010
Time:        2:08:13 PM
User:        N/A
Computer:    NTS-RADIUS2
Description:
User erezsh was denied access.
Fully-Qualified-User-Name = NTS-QA\erezsh
NAS-IP-Address = 10.20.2.249
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = Cisco-ASA
Client-IP-Address = 10.20.2.249
NAS-Port-Type = Virtual
NAS-Port = 40
Proxy-Policy-Name = General
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

The OTP feature uses an XML plugin which appears straightforward, but I feel is causing me the issue:

<return_pap_cred>false</return_pap_cred>
<return_pap_cred_attribute_number>2</return_pap_cred_attribute_number>

The question in relation to the above is: is there an AV attribute for the ASA for PAP credentials (Password)?

Any help or direction would be appreciated.

Thanks in Advance.

Jack Wikinski.
