Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Qradar & ACS v4

Users created in Qradar do not authenticate. Qradar is configured to use RADIUS and CHAP to authenticate the users in ACS. ACS v4.2 does not seem to allow a client to be configured such that Qradar must authenticate with ACS via CHAP in order to then send the (Qradar) user authentication request.

Everyone's tags (2)
3 REPLIES
Cisco Employee

Qradar & ACS v4

Where is the user located?

Do you see any failed authentication on ACS 4.2?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Qradar & ACS v4

Thanks for your questions.

Qradar is a SIEM, admins need to log into it to work with it. Those users need to be authenticated so Qradar authenticates to ACS. There are no failures being logged. What I see in a packet capture and my workstation is basically useless since the interaction is TLS encrypted. A few packets go back and forth then they stop. At Qadar's login screen you see "failed authentication".

Since Qradar is configured to use PAP or CHAP, I want to find where in ACS you configure the CHAP password for the device. We have other non-cisco devices that do Radius in the same way for the admin's to log into them. Something is missing in the configuration and or definition for the device (Qradar).

This is likely going to be answered by someone who authenticated F5's or other non-cisco devices using v4 of ACS.

Cisco Employee

Re: Qradar & ACS v4

I'm sure you must have gone through the below listed PDF (page 24-25 --configuring authentication)

http://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_AdminGuide.pdf

Now, I'd like to know how you have added QRadar as a radius client in ACS 4.2 > Network configuration > Add AAA client

Also, you can create a user on ACS 4.2 > user setup > there we have 2 options (PAP or CHAP) to enter the password, you may use CHAP password for user authentication.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
596
Views
0
Helpful
3
Replies