Cisco Support Community
Community Member

ASA5500 V8.2 integration with IAS adn etoken pass


I am needing help or direction to a document whcih can assist me solving the below issue:

1). Authentication to IAS with OTP.

2). AV Pairs for Cisco ASA.

In brief I have Radius via IAS, authentication working with the standard username and password from AD.

When I implement the OTP feature I receive the error username or password not valid as per the below:

Event Type:    Warning
Event Source:    IAS
Event Category:    None
Event ID:    2
Date:        8/1/2010
Time:        2:08:13 PM
User:        N/A
Computer:    NTS-RADIUS2
User erezsh was denied access.
Fully-Qualified-User-Name = NTS-QA\erezsh
NAS-IP-Address =
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = Cisco-ASA
Client-IP-Address =
NAS-Port-Type = Virtual
NAS-Port = 40
Proxy-Policy-Name = General
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

The OTP feature uses a xml plugin whcih appears straightforward, but I feel is causing me the issue:


The question in relation to the above is is there an av attribute for the ASA for pap credentials (Password).

Any help or direction would be appreciated.

Thanks in Advance.

Jack Wikinski.

CreatePlease to create content