Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
0
Helpful
4
Replies

dot1x authentication using Radius 2003 and cat 6513

sagar.shetty
Level 1
Level 1

‎12-30-2005 04:27 AM

Hi,

I have installed a new Radius server on 2003 enterprise edition and configured my cat 6513(cat OS) as radius client.

When I test my radius server using Xp client, I get authentication failure log message and the client is not able to log on to the domain.

I am using PEAP-MSCHAP-V2 as the authentication method.dot1x has been configured on the switchport where client Xp is connected.

I cannot understand where the things are going wrong.

Pls help

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎12-30-2005 09:51 AM

Hello Sagar,

a cople of things could be going wrong here. Which RADIUS server software are you using ? I know of one problem that can be fixed for XP clients by means of a hotfix, check this link:

PEAP authentication is not successful when you connect to a third-party RADIUS server

http://support.microsoft.com/kb/885453/en-us

Also, which CatOS version are you running ?

Regards,

GP

0 Helpful

sagar.shetty
Level 1
Level 1
In response to Georg Pauwen

‎12-31-2005 12:40 AM

Hi Georg,

I am using the IAS feature of Windows 2003.

The IOS version of my CatOS is 6.4(10).

Regards

Sagar

0 Helpful

eenest
Level 1
Level 1

‎12-31-2005 12:55 AM

In Windows Server 2003 there's a registry setting to check all the fields of the Radius packet. (Google for it). My _strong_ recommendation is to turn this feature off.

0 Helpful

sagar.shetty
Level 1
Level 1
In response to eenest

‎01-01-2006 01:36 AM

Hi,

There was a remote access policy that was configured as Ethernet. When I remove that policy, I was able to logon. Here's the IAS log which defines NAs port-type="not present" which I am not able to understand.

User ITLINFOSYS\sagar_shetty was granted access.

Fully-Qualified-User-Name = ad.infosys.com/IND/BLR/KEC/Users/GEN/Sagar Ramanna Shetty

NAS-IP-Address = XX.YY.ZZ.AA

NAS-Identifier =

Client-Friendly-Name = B19_20 Radius Client

Client-IP-Address = AA.BB.CC.DD

Calling-Station-Identifier =

NAS-Port-Type =

NAS-Port =

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server =

Policy-Name = Connections to Microsoft Routing and Remote Access server

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

regards

0 Helpful
Customers Also Viewed These Support Documents