Does anyone know how to configure a cisco 3524 to authenticate against Internet Authentication Service running on a Windows 2003 server? I have tried different combinations on the server but no luck. This is what I have in my switch (and in my routers)
aaa authentication username-prompt Username:
aaa authentication login connect group radius line
aaa accounting exec default start-stop group radius
Jan 5 08:39:36.622: RADIUS: Received from id 3 172.26.78.176:1645, Access-Reject, len 20
shows that the IAS server is saying that the username/password is invalid, therefore the NAS denies access. You need to look at why the IAS server is rejecting this user, probably around the "policy" you said you have set up. If the IAS server log is saying the user is rejected there's not much you can do about it on the router/switch.
I have found that for enable pass functionality to work when using IAS with Radius, you define a user account in Active Directory called $enab15$ and whatever password you give that account is the enable password used by Cisco devices (i.e. IOS) when authenticating for the enable pass.
All aaa authentication enable default requests sent by the router to a RADIUS server include the username "$enab15$." Requests sent to a TACACS+ server will include the username that is entered for login authentication.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...