ACSv5.2 with NGS 2.0.3 for Guest Wireless Access

Hi all,

I'm trying to implement Guest Wireless Access using NGS and ACS....

I am very close to having the solution working but I am having one last little problem which I am hoping someone would be able to help with or at least point me in the right direction....at the moment, this is what is happening.....

  • The client connects to the newly created “guest” SSID
  • When the client opens a web browser, she/he is re-directed to the Web-Authentication page stored on the NGS (for that specific SSID)
  • The user then goes and types his library card number and PIN code
  • At the moment, and for simplicity's sake, the user details are stored as local users on the ACS (have imported a CSV file onto ACS)
  • The NGS passes those details (library card and PIN) onto the ACS
  • On the ACS logs, I can actually see that the specific guest user passes authentication
  • And, on the firewall we can see the radius messages from the ACS to the NGS confirming user has passed authentication

However, after all the above, the end result is that the client gets a message on her/his screen saying “invalid username and password”

From the above, the problem seems to be at the NGS side but...

Not sure if it is a bug....

Or an incompatibility between NGSv2.0.3 and ACSv5.2...

Or missing configuration – found some suggestions that the client should be sending the Caller-Station-ID attribute....which, when looking on the ACS logs it is missing

The below is an output from the NGS logs....

Ready to process requests.
rad_recv: Access-Request packet from host 2.2.2.2 port 32769, id=12, length=144
        User-Name = "9000188011"
        User-Password = "1111"
        Service-Type = Login-User
        NAS-IP-Address = 2.2.2.2
        NAS-Port = 13
        NAS-Identifier = "CONTROLLER"
        NAS-Port-Type = Wireless-802.11
        Airespace-Wlan-Id = 7
        Calling-Station-Id = "3.3.3.3"
        Called-Station-Id = "2.2.2.2"
        Message-Authenticator = 0x4f95c48e4c74d642c8bba5090ec587ee
+- entering group authorize {...}
[radius-user-auth] expand: %{User-Name} -> 9000188011
[radius-user-auth] expand: %{User-Password} -> 1111
[radius-user-auth] expand: %{NAS-IP-Address} -> 2.2.2.2
[radius-user-auth] expand: %{Calling-Station-Id} -> 3.3.3.3
Exec-Program output:
Exec-Program: returned: 1
++[radius-user-auth] returns reject
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 12 to 2.2.2.2 port 32769
Waking up in 4.9 seconds.
Waking up in 0.1 seconds.
Exiting normally.
rlm_sql (sql): Closing sqlsocket 13
rlm_sql (sql): Closing sqlsocket 12
rlm_sql (sql): Closing sqlsocket 11
rlm_sql (sql): Closing sqlsocket 10
rlm_sql (sql): Closing sqlsocket 9
rlm_sql (sql): Closing sqlsocket 8
rlm_sql (sql): Closing sqlsocket 7
rlm_sql (sql): Closing sqlsocket 6
rlm_sql (sql): Closing sqlsocket 5
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
[FAILED]

Thanks in advance.
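Added example, not part of the original post and not Cisco code: a small triage script for debug output like the log quoted above. It reports which module produced the reject and the Exec-Program return code, and it redacts the cleartext User-Password before anything is copied into a ticket. The regular expressions assume the FreeRADIUS-style line formats visible in that log; `triage` and `SAMPLE_LOG` are hypothetical names.

```python
import re

# Constructed sample: a trimmed copy of the debug output quoted in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 2.2.2.2 port 32769, id=12, length=144
        User-Name = "9000188011"
        User-Password = "1111"
        NAS-IP-Address = 2.2.2.2
        Calling-Station-Id = "3.3.3.3"
+- entering group authorize {...}
Exec-Program output:
Exec-Program: returned: 1
++[radius-user-auth] returns reject
Sending Access-Reject of id 12 to 2.2.2.2 port 32769
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.+)$")
EXEC_RC = re.compile(r"Exec-Program: returned: (-?\d+)")
MODULE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
SENT = re.compile(r"Sending (Access-\w+) of id (\d+)")

def triage(log_text):
    """Return one summary dict per request found in the debug output."""
    requests, cur = [], None
    for line in log_text.splitlines():
        if m := RECV.search(line):
            cur = {"id": int(m[3]), "client": m[2], "attrs": {},
                   "exec_rc": None, "rejected_by": None, "reply": None}
            requests.append(cur)
        elif cur is None:
            continue  # server start-up chatter before the first request
        elif m := EXEC_RC.search(line):
            cur["exec_rc"] = int(m[1])
        elif m := MODULE.match(line):
            if m[2] == "reject" and cur["rejected_by"] is None:
                cur["rejected_by"] = m[1]  # first module that rejected
        elif m := SENT.search(line):
            # Attach the reply to the request with the same RADIUS id.
            next((r for r in reversed(requests) if r["id"] == int(m[2])), cur)["reply"] = m[1]
        elif m := ATTR.match(line):
            value = m[2].strip('"')
            cur["attrs"][m[1]] = "<redacted>" if m[1] == "User-Password" else value
    return requests

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r)
```

On the sample, the summary shows the reject coming from the `radius-user-auth` module after its external program returned 1, with Calling-Station-Id present in the request.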
