Local Radius Authentication - Fails

d-garnett — Sun, 04 Jul 2021 17:28:35 GMT

Hello all,

Access Point 1230AG (c1200-k9w7-mx.123-2.JA)

Client Adapter ABG (PCI)

I am new to Wireless Lan configuration with Aironet products (first project). I am configuring an Access Point for a small LAN and i can not get local radius authentication working. The password always fails if I try:

test aaa group radius xxxxx port 1812 new-code

although the password is matching..........

another thing is that in the configuration, it always defaults to 'nthash' mode. is this normal? in other words if i type:

radius-server local

user dgarnett password xxxx

when i do a 'show run' it displays as

user xxxx

I also get the following during a debug:

There is no RADIUS DB Some Radius attributes may not be stored

any help greatly appreciated

_______________________________________

ap#test aaa group radius dgarnett 123456789 port 1812 new-code

Trying to authenticate with Servergroup radius

User rejected

ap#

Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14

Feb 19 20:57:44.535: RADIUS(00000000): sending

Feb 19 20:57:44.535: RADIUS(00000000): Send Access-Request to 10.14.14.14:1812 id 21645/14, len 64

Feb 19 20:57:44.535: RADIUS: authenticator 9C C4 E8 64 80 8B 64 8A - E7 5F 0A 64 14 2F 5D B6

Feb 19 20:57:44.536: RADIUS: User-Password [2] 18 *

Feb 19 20:57:44.536: RADIUS: User-Name [1] 10 "dgarnett"

Feb 19 20:57:44.536: RADIUS: Service-Type [6] 6 Login [1]

Feb 19 20:57:44.536: RADIUS: NAS-IP-Address [4] 6 10.14.14.14

Feb 19 20:57:44.536: RADIUS: Nas-Identifier [32] 4 "ap"

Feb 19 20:57:44.537: RADSRV: Client dgarnett password failed

Feb 19 20:57:44.537: RADIUS: Received from id 21645/14 10.14.14.14:1812, Access-Reject, len 88

Feb 19 20:57:44.538: RADIUS: authenticator 3C B3 9A 7F 61 27 3A A6 - 84 39 B6 DF 22 DF 45 26

Feb 19 20:57:44.538: RADIUS: State [24] 50

Feb 19 20:57:44.538: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]

Feb 19 20:57:44.539: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]

Feb 19 20:57:44.539: RADIUS: 6B 7C 18 EA F0 20 A4 E5 B1 28 0E BD 57 61 24 9A [k|??? ???(??Wa$?]

Feb 19 20:57:44.539: RADIUS: Message-Authenticato[80] 18 *

Feb 19 20:57:44.539: RADIUS(00000000): Received from id 21645/14

Feb 19 20:57:44.539: RADIUS(00000000): Unique id not in use

Feb 19 20:57:44.540: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored

Re: Local Radius Authentication - Fails

d-garnett — Sat, 19 Feb 2005 22:39:36 GMT

Just as an update.......I set this up authenticating to an external (ACSNT) Radius server and it authenticates successfully. But still will not for the local dbase. My goal is to use the Corporate ACS as primary and the local as backup. I think my problem has to do with the Radius attributes 24 (State) and 80 (Message Auth). I also think that it points back to the NTHash stuff. Please advise as I am not new security practices and wireless, but I am new to Cisco Wireless networking.

Re: Local Radius Authentication - Fails

marcoadolfo — Sat, 23 Jul 2005 16:01:11 GMT

Hi !!

I have the same problem to authenticate with the db local.

how you have resolved? thanks

Re: Local Radius Authentication - Fails

d-garnett — Mon, 25 Jul 2005 02:10:24 GMT

Yes this issue was resolved by upgrading from c1200-k9w7-mx.123-2.JA to c1200-k9w7-mx.123-2.JA2

Good Luck

topic Re: Local Radius Authentication - Fails in Wireless

Local Radius Authentication - Fails

Re: Local Radius Authentication - Fails

Re: Local Radius Authentication - Fails

Re: Local Radius Authentication - Fails