I have a router which uses Radius to authenticate dial-in users. The Radius server is an NT4 box running Internet Authentication Services (the radius server included in the NT4 option pack). Any users that are configured on the NT4 box in the Radius servers local database can dial in fine. Any users which are in the domain will not authenticate. In the NT server's event log I get an error 8199. When looking on the Microsoft web site at http://support.microsoft.com/default.aspx?scid=kb;en-us;183337 I get a response regarding vendor attributes used by 3Com.
This happens no matter what authentication type I use (CHAP PAP or MS-CHAP) so I don't believe it is related to reversible encryption being needed on the NT domain.
I have changed it to use a ppp authenticate pap ms-chap chap radius-set and it now works (radius-set is the name of my authentication method set, looking through the debugs it works using pap), however before it didn't seem to work when I had ppp authenticate pap chap radius-set.
I also tried using ppp authentication ms-chap chap radius-set and it did not work. The customer is happy using pap, but I would prefer to change it to ms-chap or chap if I can get it to work. Supposedly chap will work if I change the domain to use reversible encryption, but I want to avoid that.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :