Troubleshooting Nac Guest Server Authentication Error

Unanswered Question
Apr 30th, 2011
User Badges:

Hello Everybody,

I installed NGS 2.0.2 for wireless guest user management and authentication. I implement webauth via webauth page on wlc deployed.

One Branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS.

But now I integrate next branch with WLC4402 version 6.0.188 and the authentication of users at the new branch gets an error, wrong user/password.

I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of radius service and reboot of NGS still does not help.

I tried to debug the radius via web interface and watched for the loggfile and there is still a reject.

I also tried the freeradius command radiusd -X but I got an error when starting the radiusd -X.

1.) How can I figure out, if I will get the correct password from my WLC ?

Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or did someone know how to get the received password from the chap challenge of the debug ?

2.) I have appended a part from my radius loggfile. How can I find the detailed error in the radius loggfile ?

     Is it correct that the password in the debug file is empty ?

     raiuds logg line "[radius-user-auth] expand: %{User-Password} -> "

Best Regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Vinay Sharma Mon, 05/09/2011 - 07:57
User Badges:
  • Gold, 750 points or more

Hi Alois,

This looks more a AAA related issue so moving it to AAA domain for faster response from Experts.



alois.heilmaier... Fri, 09/23/2011 - 04:21
User Badges:


updated WLC4402 to version, same version is on WLC5508.

But WLC4402 has the same problem for authentication, like with 6.0.188 again.

Any suggestions on this problem ?

Best Regards


alois.heilmaier... Tue, 12/27/2011 - 01:59
User Badges:


think I found the error.

Config guide for external web-auth showed radius-auth method is configurable.

"config custom-web radiusauth "

Config guide of NGS has a small but important note:

"NAC Guest Server supports only PAP in RADIUS Authentication"

So I checked my configurations (show custom-web all), and now I see the error.

Working controller has PAP authentication configured, failed controller has CHAP authentication configured.

I will change the congfiguration and test it, but I think that's the problem, because NGS does not support CHAP based authentication.

Best Regards



This Discussion

Related Content