×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

dot1x authentication using Radius 2003 and cat 6513

Unanswered Question
Dec 30th, 2005
User Badges:

Hi,


I have installed a new Radius server on 2003 enterprise edition and configured my cat 6513(cat OS) as radius client.


When I test my radius server using Xp client, I get authentication failure log message and the client is not able to log on to the domain.


I am using PEAP-MSCHAP-V2 as the authentication method.dot1x has been configured on the switchport where client Xp is connected.


I cannot understand where the things are going wrong.


Pls help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Georg Pauwen Fri, 12/30/2005 - 09:51
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 WAN

Hello Sagar,


a cople of things could be going wrong here. Which RADIUS server software are you using ? I know of one problem that can be fixed for XP clients by means of a hotfix, check this link:


PEAP authentication is not successful when you connect to a third-party RADIUS server


http://support.microsoft.com/kb/885453/en-us


Also, which CatOS version are you running ?


Regards,


GP

sagar.shetty Sat, 12/31/2005 - 00:40
User Badges:

Hi Georg,


I am using the IAS feature of Windows 2003.


The IOS version of my CatOS is 6.4(10).


Regards


Sagar



eenest Sat, 12/31/2005 - 00:55
User Badges:

In Windows Server 2003 there's a registry setting to check all the fields of the Radius packet. (Google for it). My _strong_ recommendation is to turn this feature off.


sagar.shetty Sun, 01/01/2006 - 01:36
User Badges:

Hi,


There was a remote access policy that was configured as Ethernet. When I remove that policy, I was able to logon. Here's the IAS log which defines NAs port-type="not present" which I am not able to understand.


User ITLINFOSYS\sagar_shetty was granted access.

Fully-Qualified-User-Name = ad.infosys.com/IND/BLR/KEC/Users/GEN/Sagar Ramanna Shetty

NAS-IP-Address = XX.YY.ZZ.AA

NAS-Identifier =

Client-Friendly-Name = B19_20 Radius Client

Client-IP-Address = AA.BB.CC.DD

Calling-Station-Identifier =

NAS-Port-Type =

NAS-Port =

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server =

Policy-Name = Connections to Microsoft Routing and Remote Access server

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)



regards

Actions

This Discussion