Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ACS 4.2 VPN auth with Iphone

Authentication failes with message:

ACS MSCHAP password is invalid.

Group auth works perfect.

This problem only occurs when the local ACS User has an \ in the username

Domain\user123

The auth works perfect with the same password and the Username user123 without Domain.

The problem occurs with ACS internal Database and with Windows Database configured for the Users123's Password Authentication

Can anybody help with this?

Thanks

2 REPLIES
Silver

Re: ACS 4.2 VPN auth with Iphone

The error message you see implies that the user's entry is set to authenticate to the ACS itself and the MS-CHAP password defined within ACS is not defined correctly.

Check under the user setup what the "password authentication" dropdown is set to. Is it set to "ACS Internal database"? This is likely why you are seeing this error - it should instead list "Windows Database".

make sure ACS presently supports MS-CHAP version 1. ACS versions 3.0 and later support MS-CHAP versions 1 and 2.

Community Member

Re: ACS 4.2 VPN auth with Iphone

Hello mchin345,

thank for your answer.

1) The password authentication is set to "Windows Database"

2) The ACS is set to MS-CHAP Version 1 and 2.

The authentication works with a User Example1:

PaulMeyer but not the the same User settings with the User named

Example2:

Domain\PaulMeyer

With a user who has a \ in the username it doesn't work!

This is strange but several times verified.

Other ideas?

328
Views
0
Helpful
2
Replies
CreatePlease to create content