Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

As5400 PPP MSCHAP Authentication failure

We use TAC AAA and that TAC box points to our Active directory for authentication. Only some users our having this issue and We have verified that those users are apart of the same group as users who are able to connect.

Nov 8 09:22:02 EST: As3/23 PPP: Using dialer call direction

Nov 8 09:22:02 EST: As3/23 PPP: Treating connection as a callin

Nov 8 09:22:02 EST: As3/23 PPP: Authorization required

Nov 8 09:22:02 EST: As3/23 DDR: Dialer statechange to up

Nov 8 09:22:02 EST: As3/23 DDR: Dialer received incoming call from <unknown>

Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: O CHALLENGE id 3 len 37 from "lclas5400d-on.ca"

Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: I RESPONSE id 3 len 61 from "bwillco"

Nov 8 09:22:03 EST: As3/23 PPP: Sent MSCHAP_V2 LOGIN Request

Nov 8 09:22:03 EST: As3/23 PPP: Received LOGIN Response FAIL

Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: O FAILURE id 3 len 13 msg is "E=691 R=0"

2 REPLIES
Silver

Re: As5400 PPP MSCHAP Authentication failure

Workaround: Do not use EAP. Rather, use CHAP, PAP, or MSCHAP, or configure EAP to authenticate locally by entering the ppp eap local command. Doing so requires AAA to be configured to authenticate PPP locally and the users that must be authenticated to be defined locally.

New Member

Re: As5400 PPP MSCHAP Authentication failure

Have you checked the IAS log for the matching MS-CHAP failure.

It could be a reversible password encryption issue with the AD user accounts.

212
Views
0
Helpful
2
Replies
CreatePlease to create content