Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1679
Views
0
Helpful
3
Replies

Configuring WAAS for RADIUS and NPS on Windows Server 2012

Go to solution
Paul Gaydos
Level 1
Level 1

‎07-05-2016 10:21 AM

I am having difficulties getting our WAAS devices to authenticate and login via RADIUS.  Running NPS on Windows Server 2012.  Confirmed that my WAAS appliance can ping the RADIUS server IP address.  Using the Service-Type Attribute of Administrative under Network Policies.  Looking in Event Viewer, I am receiving an error with Event ID 15, "A malformed RADIUS message was received from client xxxx-WAAS-01. The data is the RADIUS message." 

Right now, I can login with only the local default username/password.  Here is some config from the WAAS, running version 6.2.1:

radius-server key ****
radius-server host 10.194.10.13 auth-port 1645
!
authentication login local enable secondary
authentication login radius enable primary
authentication configuration local enable secondary
authentication configuration radius enable primary
authentication fail-over server-unreachable

I confirmed that my shared key is entered correctly on both the WAAS and NPS.  I have Cisco routers/switches running fine off of this same RADIUS server.

Has anyone had any luck connecting their WAAS devices up to RADIUS using Windows Server 2012 and NPS?  If so, please share any extra steps you took to get things to work.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Meyer
Level 1
Level 1

‎07-08-2016 11:00 AM

Hi Paul,

Based on the RADIUS error you are likely encountering defect CSCva14731. This was first discovered with Cisco ACS, but may impact other RADIUS servers.

To confirm, you can check for corresponding error in WAAS syslog:

authenticate: %WAAS-UNKNOWN-3-899999: pam_radius_auth: talk_radius: RADIUS server <IP:port> failed to respond(time out 5(sec))

Also this defect would not impact devices on WAAS 5.x software.

The issue will be fixed in upcoming 6.2.3 release.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Craig Meyer
Level 1
Level 1

‎07-08-2016 11:00 AM

Hi Paul,

Based on the RADIUS error you are likely encountering defect CSCva14731. This was first discovered with Cisco ACS, but may impact other RADIUS servers.

To confirm, you can check for corresponding error in WAAS syslog:

authenticate: %WAAS-UNKNOWN-3-899999: pam_radius_auth: talk_radius: RADIUS server <IP:port> failed to respond(time out 5(sec))

Also this defect would not impact devices on WAAS 5.x software.

The issue will be fixed in upcoming 6.2.3 release.

0 Helpful

Go to solution
Paul Gaydos
Level 1
Level 1
In response to Craig Meyer

‎07-08-2016 12:45 PM

Thanks for the response.  That was the issue.  RADIUS does not work with WAAS version 6.2.1.  I have one WAAS still on version 5.5.7, configured that for RADIUS, and had no trouble logging in with my RADIUS credentials.

Do you know when version 6.2.3 is anticipated to be released?

0 Helpful

Go to solution
Craig Meyer
Level 1
Level 1
In response to Paul Gaydos

‎07-09-2016 05:33 AM

Hi Paul,

Current estimated timeframe is late July, early August.

0 Helpful
Customers Also Viewed These Support Documents