Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS/IDS authentication with Cisco Radius ACS 5.2

Hello,

I have been trying to get our IPS (ASA-SSM-10 and 4260) to authenticate with Cisco Radius ACS 5.2 and they are not working. However, I was able to get them working with Microsoft Radius. I really appreciate if anyone can help or provide any documents. Below is the logs from the IPS:

evStatus: eventId=1321566464942057375 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: authentication
    appInstanceId: 350
  time: 2011/11/23 17:50:38 2011/11/23 09:50:38 GMT-08:00
  controlTransaction: command=editConfigDeltaAaa successful=true
    description: Control transaction response.
    requestor:
      user: bt\xtran
      application:
        hostId: 10.90.212.126
        appName: mainApp
        appInstanceId: 350
    responseData:

      respEditConfigDelta: xmlns=http://www.cisco.com/cids/idconf
        component: configToken=Qq2udacSeQewHLW2aOZUTFROyDI= name=aaa
          result:

evStatus: eventId=1321566464942057376 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: monitor
    appInstanceId: 350
  time: 2011/11/23 17:53:44 2011/11/23 09:53:44 GMT-08:00
  healthAndSecurity:
    description: Heartbeat
    healthStatus: red
    securityStatus:
      virtualSensor: vs0
      status: green
    warning:
      metricStatus: name=eventRetrieval
        status: red


evStatus: eventId=1321566464942057377 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: authentication
    appInstanceId: 350
  time: 2011/11/23 17:58:25 2011/11/23 09:58:25 GMT-08:00
  controlTransaction: command=editConfigDeltaAaa successful=true
    description: Control transaction response.
    requestor:
      user: bt\xtran
      application:
        hostId: 10.90.212.126
        appName: mainApp
        appInstanceId: 350
    responseData:

      respEditConfigDelta: xmlns=http://www.cisco.com/cids/idconf
        component: configToken=XaGonKId2FTmeMZICUQnp8ZAlu4= name=aaa
          result:

evStatus: eventId=1321566464942057378 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: monitor
    appInstanceId: 350
  time: 2011/11/23 17:58:44 2011/11/23 09:58:44 GMT-08:00
  healthAndSecurity:
    description: Heartbeat
    healthStatus: red
    securityStatus:
      virtualSensor: vs0
      status: green
    warning:
      metricStatus: name=eventRetrieval
        status: red


evStatus: eventId=1321566464942057379 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: sshd
    appInstanceId: 20320
  time: 2011/11/23 17:58:57 2011/11/23 09:58:57 GMT-08:00
  syslogMessage:
    description: pam_radius_auth: RADIUS server 10.11.21.213 failed to respond


evStatus: eventId=1321566464942057380 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: sshd
    appInstanceId: 20320
  time: 2011/11/23 17:58:57 2011/11/23 09:58:57 GMT-08:00
  syslogMessage:
    description: pam_radius_auth: All RADIUS servers failed to respond.


evStatus: eventId=1321566464942057381 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: sshd(pam_unix)
    appInstanceId: 20320
  time: 2011/11/23 17:58:57 2011/11/23 09:58:57 GMT-08:00
  syslogMessage:
    description: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cai514520.bt.adinternal.com  user=bt\xtran


evStatus: eventId=1321566464942057382 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: sshd
    appInstanceId: 20319
  time: 2011/11/23 17:59:00 2011/11/23 09:59:00 GMT-08:00
  syslogMessage:
    description: error: PAM: Authentication failure

--MORE--

Thank you

Si

753
Views
0
Helpful
0
Replies