05-14-2008 06:34 PM - edited 03-10-2019 03:51 PM
What should be configured/set on the ACS for the Radius ietf authentication?
This is a new setup. Users failed to authenticate via ACS (both local users and AD). Failed attempts are being logged at ACS.
05-15-2008 04:27 AM
Rachelle
If authentication requests are getting to the server then it sounds like most of the router config is in place. If there are entries in the failed attempts logs then there should be an indication of what the error is. What does the failed attempts log have for the error for these attempts?
In my experience the most common errors are not having the same value for the shared key between the router and the server or having the authentication request source address from the router not match the address configured in ACS. What do the failed attempt logs say about the error?
HTH
Rick
05-15-2008 10:08 PM
error are "CS password invalid" for local users of ACS and "External DB user invalid or bad password" for the AD users. Same users are being used for 802.1x authenication, users are authenticated succesfully.
What seems to be the problem?
05-16-2008 12:19 PM
Rachelle
The title in the original post indicates that this is dialup. Can you tell us a bit about the dialup and how it is setup. And can you post the appropriate parts of the router configuration? In particular I am wondering whether the router may be using PAP or CHAP for PPP authentication.
And would I be correct in assuming that in the failed attempts report that it is showing the correct ID of the user when it is reporting that password invalid or user invalid?
HTH
Rick
05-17-2008 04:44 AM
Other then this, also cross check shared secret key and acs and on your aaa-client.
Regards,
~JG
05-17-2008 09:52 AM
JG
If the issue were a mismatch between the shared secret key would it not have failed before it got to the point where the error is:
"CS password invalid" ?
In my experience ACS checks the shared secret key long before it gets to the point of checking the user password.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: