aaa problem with http and https

s.fasel — Sun, 04 Jul 2021 17:27:33 GMT

Hi,

I have install the last version of IOS (12.3(2)JA2)on one of my AP 1231G and I have a problem to access to the AP via http and https.

This is my aaa configuration:

aaa new-model

aaa group server radius rad_adm

server xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646

aaa authentication login default group radius line

aaa authentication login console line

aaa authorization exec default group radius if-authenticated

aaa accounting exec default start-stop group rad_adm

aaa session-id common

and

ip http server

ip http authentication aaa

radius-server attribute 32 include-in-access-req format %h

radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 key 7 yyyyyyyyyyyyyy

radius-server vsa send accounting

when I want to access to my AP via http, the login is refused and the AP logs:

Feb 15 08:14:19.612: AAA/AUTHEN/LOGIN (00000000): Pick method list 'console'

Feb 15 08:14:19.613: AAA/AUTHEN/LINE(00000000): FAIL Line password not found

the http authentication must use the aaa "default method"(via radius), but it uses the "console method".

on the AP with the IOS 12.2(8)JA and the same configuration, the http(s) authentication works correctly.

it's a bug on 12.3(2)JA2 version or I must change my configuration? the "aaa system" has changed on this IOS version ?

for your information, I have the same problem with the version 12.3(2)JA.

thanks for your help.

Regards

Sam

Re: aaa problem with http and https

will.shaw — Tue, 15 Feb 2005 08:55:38 GMT

aaa authentication login default group rad_adm console

instead of

aaa authentication login console line

s.fasel — Wed, 16 Feb 2005 10:51:49 GMT

I have tried the command line:

aaa authentication login default group rad_adm console

but it's not possible, because after the group rad_adm we can only use: enable, group, line, local, local-case or none