topic Thank for you reply, and I in Network Access Control

ACS 5.1 CHAP authentication internal user

Lars Reidelbach — Mon, 11 Mar 2019 01:10:11 GMT

Hello,

I try to authenticate some android smartphones with CHAP to ACS internal user database. The problem is the password. We had try some combinations but always some result.

15004 Matched rule

15013 Selected Identity Store - Internal Users

24210 Looking up User in Internal Users IDStore - Testuser

24212 Found User in Internal Users IDStore

22063 Wrong password

22057 The advanced option that is configured for a failed authentication request is used.

22061 The 'Reject' advanced option is configured in case of a failed authentication request.

11003 Returned RADIUS Access-Reject

Password is same on phone and acs internal user. I don't kown what is wrong.

If there a option for CHAP with password ?

best regards,

Lars

ACS 5.1 CHAP authentication internal user

andamani — Thu, 16 Jun 2011 04:43:34 GMT

Hi,

The shared secret between the AAA client on the ACS and the phone has to be the same.

On ACS Network Resources > network Devices and AAA client > Radius/TACACS > Shared secret value has to be the same on the Phone.

Ensure both of these are same.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

ACS 5.1 CHAP authentication internal user

Lars Reidelbach — Thu, 16 Jun 2011 07:15:26 GMT

Hi,

the smartphone sends the authentication request to a router in our provider network. This router is the AAA clients which builds the radius request to the acs server. The shared secret between AAA client (router) and acs is same.

So I don't need a aaa client for the smartphone. Or I am wrong?

regards,

Lars

ACS 5.1 CHAP authentication internal user

andamani — Fri, 17 Jun 2011 01:55:59 GMT

Hi,

That is correct.

You can try resetting the password of the user in the ACS and try the login again. Please ensure that you do not enter space in the password wghile typing.

Can you check if the option of "Allow chap" is enabled.

Access policies > Network default access > Allowed protocol > Allow CHAP.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

ACS 5.1 CHAP authentication internal user

Lars Reidelbach — Fri, 17 Jun 2011 08:22:22 GMT

Hi,

I had reset password and the user has defined a new over the option "Change password on next login". All work fine, acs take the new password. After that we test the authentication again -> Failed Wrong Password

Access Service has Allow Chap enabled.

best regards,

Lars

ACS 5.1 CHAP authentication internal user

andamani — Sun, 03 Jul 2011 03:41:04 GMT

Hi Lars,

Please open a TAC case. The engineer will help you resolve this

Regards,

Anisha

hello, I've met the same

xiaodong liao — Wed, 29 Jun 2016 03:51:50 GMT

hello, I've met the same problem, have you solved it now ?

We had used EAP-TLS with

Lars Reidelbach — Wed, 29 Jun 2016 07:23:51 GMT

We had used EAP-TLS with certificates. This has work than. Now we are using ISE so I can't test again. Sorry.

Thank for you reply, and I

xiaodong liao — Wed, 29 Jun 2016 07:58:56 GMT

Thank for you reply, and I wonder that the ISE you use now is use chap or EAP-TLS?

We are using now EAP-TLS for

Lars Reidelbach — Wed, 29 Jun 2016 08:01:06 GMT

We are using now EAP-TLS for all mobile devices.

Re: Thank for you reply, and I

MarcoLazzarotto — Mon, 17 Jun 2024 14:21:53 GMT

@xiaodong liao I'm pretty desperate because I have the same problem with AnyConnect client authentication. Have you found a solution?