topic Re: Problem with MS IAS and AAA in Network Access Control

Problem with MS IAS and AAA

communication.boy — Sun, 10 Mar 2019 23:27:05 GMT

I am configuring AAA . I am configuring a Router so that when users will access it using line vty they should be authenticated by the Active Directory . I have configured AAA on the Router and IAS on Microsoft Windows Server 2003 .But when i type " test aaa group AUTH Administrator xxxxxxx legacy " it gives the following error

Attempting authentication test to server-group AUTH using radius

*Mar 1 01:01:04.991: AAA: parse name=<no string> idb type=-1 tty=-1

*Mar 1 01:01:04.991: AAA/MEMORY: create_user (0x6417FF80) user='Administrator' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)No authoritative response from any server.

RTR#

*Mar 1 01:01:23.647: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.16.1.243:1812,1813 is not responding.

*Mar 1 01:01:23.655: AAA/MEMORY: free_user (0x6417FF80) user='Administrator' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)

*Mar 1 01:01:23.655: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.16.1.243:1812,1813 is being marked alive.

I have also used the default ports for authentication but still no use. I am able to ping radius server from router and can ping router from radius server.

The Radius server in installed on VMWARE and the Router is being emulated in Dynampis.

Following is the configuration of the router

RTR#sh run

Building configuration...

Current configuration : 863 bytes

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname RTR

boot-start-marker

boot-end-marker

aaa new-model

aaa group server radius AUTH

server 172.16.1.243 auth-port 1812 acct-port 1813

aaa authentication login AUTH group radius

aaa session-id common

memory-size iomem 5

ip cef

interface Loopback1

no ip address

interface FastEthernet0/0

ip address 172.16.1.241 255.255.255.0

duplex auto

speed auto

ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 172.16.1.1

ip radius source-interface FastEthernet0/0

radius-server host 172.16.1.243 auth-port 1812 acct-port 1813 key xxxxx

control-plane

line con 0

line aux 0

line vty 0 4

end

Re: Problem with MS IAS and AAA

Jagdeep Gambhir — Tue, 21 Apr 2009 17:49:54 GMT

Do you see any hits on 2003 event logs? If no then request is not reaching the radius.

Remember Dynampis some time shows abnormal behavior. Since you are able to ping then connectivity seems to be fine here.

Check the shared secret key and make sure radius ports are open , check if there is any firewall in between.

Regards,

~JG

Re: Problem with MS IAS and AAA

communication.boy — Wed, 22 Apr 2009 03:16:24 GMT

The shared key is working fine , I checked out the Event Manager and it shows a Success of Radius in the Security Section . When I telnet into the router it asks for Username and password and after that it says Authentication Failed . Still I can see new Security logs of Radius ( success ) but from telnet it says authentication failed

Re: Problem with MS IAS and AAA

communication.boy — Wed, 22 Apr 2009 04:15:26 GMT

I can see in the event viewer that the group policy is not working and looks like it has crashed and because of that i cant access shares .

the error says:

"Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this."

Does this Radius stuff when authenticating with Active Directory requires Group Policy ?

Re: Problem with MS IAS and AAA

communication.boy — Wed, 22 Apr 2009 06:35:22 GMT

I installed New Windows Server because the last Windows was having problem in GPO as it was showing in the event viewer that the GPO has sort of crashed and its perfectly working fine

PROBLEM SOLVED !!!