Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1406
Views
0
Helpful
3
Replies

Qradar & ACS v4

Bob MacLean
Level 1
Level 1

‎07-22-2013 11:12 AM - edited ‎03-10-2019 08:40 PM

Users created in Qradar do not authenticate. Qradar is configured to use RADIUS and CHAP to authenticate the users in ACS. ACS v4.2 does not seem to allow a client to be configured such that Qradar must authenticate with ACS via CHAP in order to then send the (Qradar) user authentication request.

Labels:
0 Helpful
3 Replies 3

Jatin Katyal
Cisco Employee
Cisco Employee

‎07-22-2013 11:26 AM

Where is the user located?

Do you see any failed authentication on ACS 4.2?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

Bob MacLean
Level 1
Level 1
In response to Jatin Katyal

‎07-22-2013 12:40 PM

Thanks for your questions.

Qradar is a SIEM, admins need to log into it to work with it. Those users need to be authenticated so Qradar authenticates to ACS. There are no failures being logged. What I see in a packet capture and my workstation is basically useless since the interaction is TLS encrypted. A few packets go back and forth then they stop. At Qadar's login screen you see "failed authentication".

Since Qradar is configured to use PAP or CHAP, I want to find where in ACS you configure the CHAP password for the device. We have other non-cisco devices that do Radius in the same way for the admin's to log into them. Something is missing in the configuration and or definition for the device (Qradar).

This is likely going to be answered by someone who authenticated F5's or other non-cisco devices using v4 of ACS.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Bob MacLean

‎07-22-2013 08:25 PM

I'm sure you must have gone through the below listed PDF (page 24-25 --configuring authentication)

http://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_AdminGuide.pdf

Now, I'd like to know how you have added QRadar as a radius client in ACS 4.2 > Network configuration > Add AAA client

Also, you can create a user on ACS 4.2 > user setup > there we have 2 options (PAP or CHAP) to enter the password, you may use CHAP password for user authentication.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents