Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

eazyvpn / freeradius authentication issue

hi,

I've configured freeradius as such and I know it works.

asa version is Version 9.1(3)

               

FREERAD CONFIG  

client myasa {

        ipaddr = <ipofasa>

        netmask = 24

        secret = cisco123

        nastype = cisco

}

testuser Cleartext-Password := "testuser"

  Service-Type = NAS-Prompt-User

from the ASA

myasa # test aaa-server authentication FREERAD

Server IP Address or name: 10.80.250.13

Username: testuser

Password: ********

INFO: Attempting Authentication test to IP address <10.80.250.13> (timeout: 10 seconds)

INFO: Authentication Successful

interesting ASA config,

aaa-server FREERAD protocol radius

aaa-server FREERAD (inside) host 10.80.250.13

timeout 5

key *****

authentication-port 1812

group-policy EZVPN internal

group-policy EZVPN attributes

dns-server value 10.x.x.x

vpn-tunnel-protocol ikev1

split-tunnel-policy tunnelspecified

split-tunnel-network-list value EZVPN_splitTunnelAcl

default-domain value somedomain.com

nem enable

tunnel-group EZVPN type remote-access

tunnel-group EZVPN general-attributes

address-pool EZVPNPOOL

authentication-server-group FREERAD

default-group-policy EZVPN

tunnel-group EZVPN ipsec-attributes

ikev1 pre-shared-key *****

anyways the response the ASA gets from the FREERADIUS is,

%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.80.250.13 : user = testuser

but when I do it using the TEST command it works just fine and I just can't figure out why.

thanks for any help.

this is what I get from freeradius logs,

Thu Jan 30 11:18:49 2014 : Auth: Login incorrect: [testuser/testuser] (from client MYASA port 4317184 cli x.x.x.x)

178
Views
0
Helpful
0
Replies