Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA, RADIUS on NT4

I have a router which uses Radius to authenticate dial-in users. The Radius server is an NT4 box running Internet Authentication Services (the radius server included in the NT4 option pack). Any users that are configured on the NT4 box in the Radius servers local database can dial in fine. Any users which are in the domain will not authenticate. In the NT server's event log I get an error 8199. When looking on the Microsoft web site at http://support.microsoft.com/default.aspx?scid=kb;en-us;183337 I get a response regarding vendor attributes used by 3Com.

This happens no matter what authentication type I use (CHAP PAP or MS-CHAP) so I don't believe it is related to reversible encryption being needed on the NT domain.

Does anyone have any suggestions?

Thanks in advance,

Peter

2 REPLIES
New Member

Re: AAA, RADIUS on NT4

What you can do is you can send it as a atrribute rather than a VSA. Aslo your radius config on router would be

radius-server host x.x.x.x auth-port xxx acct-port xxx non-standard

New Member

Re: AAA, RADIUS on NT4

I have changed it to use a ppp authenticate pap ms-chap chap radius-set and it now works (radius-set is the name of my authentication method set, looking through the debugs it works using pap), however before it didn't seem to work when I had ppp authenticate pap chap radius-set.

I also tried using ppp authentication ms-chap chap radius-set and it did not work. The customer is happy using pap, but I would prefer to change it to ms-chap or chap if I can get it to work. Supposedly chap will work if I change the domain to use reversible encryption, but I want to avoid that.

Rgds,

Peter

167
Views
0
Helpful
2
Replies
CreatePlease login to create content