cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
575
Views
1
Helpful
4
Replies

Problem with MS IAS and AAA

I am configuring AAA . I am configuring a Router so that when users will access it using line vty they should be authenticated by the Active Directory . I have configured AAA on the Router and IAS on Microsoft Windows Server 2003 .But when i type " test aaa group AUTH Administrator xxxxxxx legacy " it gives the following error

Attempting authentication test to server-group AUTH using radius

*Mar 1 01:01:04.991: AAA: parse name=<no string> idb type=-1 tty=-1

*Mar 1 01:01:04.991: AAA/MEMORY: create_user (0x6417FF80) user='Administrator' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)No authoritative response from any server.

RTR#

*Mar 1 01:01:23.647: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.16.1.243:1812,1813 is not responding.

*Mar 1 01:01:23.655: AAA/MEMORY: free_user (0x6417FF80) user='Administrator' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)

*Mar 1 01:01:23.655: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.16.1.243:1812,1813 is being marked alive.

I have also used the default ports for authentication but still no use. I am able to ping radius server from router and can ping router from radius server.

The Radius server in installed on VMWARE and the Router is being emulated in Dynampis.

Following is the configuration of the router

RTR#sh run

Building configuration...

Current configuration : 863 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RTR

!

boot-start-marker

boot-end-marker

!

!

aaa new-model

!

!

aaa group server radius AUTH

server 172.16.1.243 auth-port 1812 acct-port 1813

!

aaa authentication login AUTH group radius

!

aaa session-id common

memory-size iomem 5

!

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback1

no ip address

!

interface FastEthernet0/0

ip address 172.16.1.241 255.255.255.0

duplex auto

speed auto

!

ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 172.16.1.1

!

!

!

ip radius source-interface FastEthernet0/0

!

!

radius-server host 172.16.1.243 auth-port 1812 acct-port 1813 key xxxxx

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login authentication AUTH

!

!

end

1 Accepted Solution

Accepted Solutions

Jagdeep Gambhir
Level 10
Level 10

Do you see any hits on 2003 event logs? If no then request is not reaching the radius.

Remember Dynampis some time shows abnormal behavior. Since you are able to ping then connectivity seems to be fine here.

Check the shared secret key and make sure radius ports are open , check if there is any firewall in between.

Regards,

~JG

View solution in original post

4 Replies 4

Jagdeep Gambhir
Level 10
Level 10

Do you see any hits on 2003 event logs? If no then request is not reaching the radius.

Remember Dynampis some time shows abnormal behavior. Since you are able to ping then connectivity seems to be fine here.

Check the shared secret key and make sure radius ports are open , check if there is any firewall in between.

Regards,

~JG

The shared key is working fine , I checked out the Event Manager and it shows a Success of Radius in the Security Section . When I telnet into the router it asks for Username and password and after that it says Authentication Failed . Still I can see new Security logs of Radius ( success ) but from telnet it says authentication failed

I can see in the event viewer that the group policy is not working and looks like it has crashed and because of that i cant access shares .

the error says:

"Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this."

Does this Radius stuff when authenticating with Active Directory requires Group Policy ?

I installed New Windows Server because the last Windows was having problem in GPO as it was showing in the event viewer that the GPO has sort of crashed and its perfectly working fine

PROBLEM SOLVED !!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: