10-21-2010 08:19 AM - edited 03-10-2019 05:30 PM
I'm trying to authenticate VPN connections to a Windows 2008 NPS Radius server.
Local authentication works fine.
Here are cisco configs:
aaa new-model
aaa authentication login default local
aaa authentication login VPNauth group radius local
aaa authorization network VPNgroup local
aaa session-id common
ip radius source-interface Loopback0
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 xxxx
crypto map VPNMAP client authentication list VPNauth
crypto map VPNMAP isakmp authorization list VPNgroup
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
...
... other crypto commands
This is the section of the log from NPS:
Authentication Details:
Connection Request Policy Name: VPN
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: x.x.x.x
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
I do have PAP enabled on the Network/Connection Request Policies...
I'm stuck
Please help
Solved! Go to Solution.
10-21-2010 09:38 AM
Can you run a "teat aaa " command to see if the user can be authenticated successfully?
I think this might be a configuration issue on NPS. You can google it. Here is one I found, refer to "irishHam" post.
10-21-2010 09:38 AM
Can you run a "teat aaa " command to see if the user can be authenticated successfully?
I think this might be a configuration issue on NPS. You can google it. Here is one I found, refer to "irishHam" post.
10-21-2010 10:37 AM
Thanks,
Looks like the issue was the RADIUS shared key... It has to be 22 characters or longer. Mine was only 12.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: