2003 Microsoft IAS Radius with AAA configs

aamercado · ‎09-26-2007

Radius AAA works great until I have to change my windows password

(ie every 180 days). After changing password, I cannot access routers or switches.

The workaround is to reset my password back to the original password.

How do I get around this?

gmarogi · ‎10-03-2007

Send the following information from your IAS server to proceed for further troubleshooting.

1. Are you using any 802.1x/EAP authentication?

2. Send me the router/switch configurations relevant to AAA

3. Capture debug aaa authentication on your router/switch and send me the entire debug output captured. Based on that only, I can understand what is actually happening during the failed authentication.

aamercado · ‎10-05-2007

Hi - here it is and not using 802.1x/EAP. Thx

Jagdeep Gambhir · ‎10-05-2007

Hi,

If you are using telnet then that is not supported as telnet uses PAP and password expiry is not supported by PAP (we need mschapv2)

.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be using a RADIUS client/supplicant that supports changing passwords by using Microsoft-Challenge Authentication Handshake Protocol (MS-CHAP).

You can use this to change your password,

http://www.greyware.com/software/domainpassword/

Hope that helps

Regards,

~JG