topic Re: Troubleshooting Nac Guest Server Authentication Error in Network Access Control

Troubleshooting Nac Guest Server Authentication Error

alois.heilmaier — Mon, 11 Mar 2019 01:02:37 GMT

Hello Everybody,

I installed NGS 2.0.2 for wireless guest user management and authentication. I implement webauth via webauth page on wlc deployed.

One Branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS.

But now I integrate next branch with WLC4402 version 6.0.188 and the authentication of users at the new branch gets an error, wrong user/password.

I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of radius service and reboot of NGS still does not help.

I tried to debug the radius via web interface and watched for the loggfile and there is still a reject.

I also tried the freeradius command radiusd -X but I got an error when starting the radiusd -X.

1.) How can I figure out, if I will get the correct password from my WLC ?

Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or did someone know how to get the received password from the chap challenge of the debug ?

2.) I have appended a part from my radius loggfile. How can I find the detailed error in the radius loggfile ?

Is it correct that the password in the debug file is empty ?

raiuds logg line "[radius-user-auth] expand: %{User-Password} -> "

Best Regards

Alois

Re: Troubleshooting Nac Guest Server Authentication Error

Vinay Sharma — Mon, 09 May 2011 14:57:12 GMT

Hi Alois,

This looks more a AAA related issue so moving it to AAA domain for faster response from Experts.

thanks,

Vinay

Troubleshooting Nac Guest Server Authentication Error

alois.heilmaier — Fri, 23 Sep 2011 11:21:13 GMT

Hi,

updated WLC4402 to version 7.0.98.0, same version is on WLC5508.

But WLC4402 has the same problem for authentication, like with 6.0.188 again.

Any suggestions on this problem ?

Best Regards

Alois

Re: Troubleshooting Nac Guest Server Authentication Error

alois.heilmaier — Tue, 27 Dec 2011 09:59:10 GMT

Hello,

think I found the error.

Config guide for external web-auth showed radius-auth method is configurable.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

"config custom-web radiusauth "

Config guide of NGS has a small but important note:

http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_radius.html

"NAC Guest Server supports only PAP in RADIUS Authentication"

So I checked my configurations (show custom-web all), and now I see the error.

Working controller has PAP authentication configured, failed controller has CHAP authentication configured.

I will change the congfiguration and test it, but I think that's the problem, because NGS does not support CHAP based authentication.

Best Regards

Alois