Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Troubleshooting Nac Guest Server Authentication Error

Hello Everybody,

I installed NGS 2.0.2 for wireless guest user management and authentication. I implement webauth via webauth page on wlc deployed.

One Branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS.

But now I integrate next branch with WLC4402 version 6.0.188 and the authentication of users at the new branch gets an error, wrong user/password.

I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of radius service and reboot of NGS still does not help.

I tried to debug the radius via web interface and watched for the loggfile and there is still a reject.

I also tried the freeradius command radiusd -X but I got an error when starting the radiusd -X.

1.) How can I figure out, if I will get the correct password from my WLC ?

Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or did someone know how to get the received password from the chap challenge of the debug ?

2.) I have appended a part from my radius loggfile. How can I find the detailed error in the radius loggfile ?

     Is it correct that the password in the debug file is empty ?

     raiuds logg line "[radius-user-auth] expand: %{User-Password} -> "

Best Regards

Alois

3 REPLIES

Re: Troubleshooting Nac Guest Server Authentication Error

Hi Alois,

This looks more a AAA related issue so moving it to AAA domain for faster response from Experts.

thanks,

Vinay

Thanks & Regards
New Member

Troubleshooting Nac Guest Server Authentication Error

Hi,

updated WLC4402 to version 7.0.98.0, same version is on WLC5508.

But WLC4402 has the same problem for authentication, like with 6.0.188 again.

Any suggestions on this problem ?

Best Regards

Alois

New Member

Re: Troubleshooting Nac Guest Server Authentication Error

Hello,

think I found the error.

Config guide for external web-auth showed radius-auth method is configurable.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

"config custom-web radiusauth "

Config guide of NGS has a small but important note:

http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_radius.html

"NAC Guest Server supports only PAP in RADIUS Authentication"

So I checked my configurations (show custom-web all), and now I see the error.

Working controller has PAP authentication configured, failed controller has CHAP authentication configured.

I will change the congfiguration and test it, but I think that's the problem, because NGS does not support CHAP based authentication.

Best Regards

Alois

1533
Views
0
Helpful
3
Replies