05-16-2009 07:06 PM - edited 03-10-2019 04:29 PM
Hey people. I'm sitting in front of an ASA 5510 firewall and have a problem with authenticating users.
3|May 16 2009 22:12:40|109026: [ RADIUS ] Invalid reply digest received; shared server key may be mismatched.
3|May 16 2009 22:12:30|109026: [ RADIUS ] Invalid reply digest received; shared server key may be mismatched.
asdm image disk0:/asdm506.bin
asdm history enable
: Saved
:
ASA Version 7.0(6)
!
hostname FW02
domain-name
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
nameif Inside
security-level 100
ip address 192.168.5.2 255.255.255.0
!
interface Ethernet0/1
shutdown
nameif Outside
security-level 0
ip address 211.16.20.35 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif Management
security-level 100
ip address 192.168.10.1 255.255.255.0
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu Management 1500
asdm image disk0:/asdm506.bin
asdm history enable
arp timeout 14400
route Inside 192.168.1.0 255.255.255.0 192.168.1.2 1
!
router ospf 1
network 192.168.5.0 255.255.255.0 area 0
network 192.168.10.0 255.255.255.0 area 0
network 211.16.20.0 255.255.255.0 area 0
area 0 authentication message-digest
log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server Tech_Radius protocol radius
accounting-mode simultaneous
max-failed-attempts 5
aaa-server Tech_Radius host 192.168.1.1
key Password123
authentication-port 1812
accounting-port 1813
username test password P4ttSyrm33SV8TYp encrypted privilege 15
username taco password uRvcAEun1FM9R47Y encrypted privilege 10
username kaka password fw428MbVAj6nPVH9 encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username maha password G16z5dkWxCgEUU0Y encrypted privilege 15
aaa authentication http console Tech_Radius LOCAL
aaa authentication enable console Tech_Radius
http server enable
http 192.168.10.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
auth-prompt prompt Authentication:
auth-prompt accept Authenticated
auth-prompt reject Rejected
telnet timeout 5
ssh timeout 5
console timeout 0
Cryptochecksum:78fa9996d9ea1a3ee67d0b93bf99b54d
: end
I shut down every secret possibility, common password etc., and nothing worked. All passwords and possible secrets are Password123.
"Request must contain the Message Authenticator attribute" is not checked, and the password/secret fields are empty at the AAA server as well.
They aren't empty right now, but I had tried it several times.
I want users on a Cisco firewall to authenticate against AD. IAS does get replies and messages about users, but that log doesn't say anything with much information.
Users get the chance to authenticate but just aren't accepted; I tried several accounts.
Does anyone know the reason for this?
And does anyone know if Cisco allows people to use their copyrighted router/switch pictures publicly somewhere, or do I have to mail them for it?
We're doing a project and would need to get a mail granting rights for it. :P
I also removed the commands for MD5 and framed-id etc. in IAS.
I also see that the ASA auto-encrypts passwords for users and thought it might have been that, but I have no clue how to turn it off. :/
I'm using the RADIUS standard protocol as well.
05-17-2009 07:19 AM
Win2k3 is being used as well.
Is there anyone with a similar problem, or someone who has a clue about what might be trying to use a key somewhere?
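Syslog 109026 above means the ASA recomputed the Response Authenticator of the reply it got from 192.168.1.1 and the value did not match, which happens when the two sides hold different shared secrets (a trailing space or a different key on the IAS client entry is enough). The following is an added example, not code from the original post or from Cisco, that implements the RFC 2865 digests on both sides: the client's Message-Authenticator (the check behind the IAS "request must contain the Message Authenticator attribute" option the poster mentions) and the server's Response Authenticator that the ASA verifies. All packets, the user name "test", and the secrets are constructed here for illustration; note that the posted config shows the key in cleartext, so anyone with the config can see the value to compare against the IAS client entry.

```python
"""RADIUS Response Authenticator / Message-Authenticator checks (RFC 2865, RFC 2869).

Added example, not part of the original forum post. Packets, secrets and the
user name are constructed in-line for illustration.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80


def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS TLV attribute: type, total length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Assemble the 20-byte RADIUS header followed by the attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def build_access_request(ident: int, username: str, secret: bytes):
    """Client (ASA) side: random Request Authenticator plus an HMAC-MD5
    Message-Authenticator computed over the packet with that attribute zeroed.
    Returns (packet, request_authenticator); the client keeps the latter."""
    req_auth = os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username.encode())
    placeholder = attr(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    pkt = build_packet(ACCESS_REQUEST, ident, req_auth, attrs + placeholder)
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    pkt = build_packet(ACCESS_REQUEST, ident, req_auth,
                       attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, mac))
    return pkt, req_auth


def verify_request(request: bytes, secret: bytes) -> bool:
    """Server (IAS) side: locate Message-Authenticator, zero its value,
    recompute HMAC-MD5 over the whole packet and compare in constant time."""
    pos, found = 20, None
    while pos + 2 <= len(request):
        atype, alen = request[pos], request[pos + 1]
        if alen < 2:                      # malformed attribute, reject packet
            return False
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            found = pos
        pos += alen
    if found is None:                     # attribute required but absent
        return False
    received = request[found + 2:found + 18]
    zeroed = request[:found + 2] + b"\x00" * 16 + request[found + 18:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def build_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    ident, req_auth = request[1], request[4:20]
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_reply(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the Response Authenticator with the client's copy
    of the secret. A mismatch is what the ASA logs as 109026
    'Invalid reply digest received; shared server key may be mismatched'."""
    header, received, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + req_auth + attrs + secret).digest()
    return hmac.compare_digest(received, expected)


def exchange(client_secret: bytes, server_secret: bytes, accept: bool = True) -> bool:
    """One Access-Request / Access-Accept (or Reject) round trip; returns
    whether the client accepts the reply digest."""
    request, req_auth = build_access_request(7, "test", client_secret)
    code = ACCESS_ACCEPT if accept else ACCESS_REJECT
    reply = build_reply(code, request, server_secret)
    return verify_reply(reply, req_auth, client_secret)


if __name__ == "__main__":
    print("same secret   :", exchange(b"Password123", b"Password123"))    # True
    print("trailing space:", exchange(b"Password123", b"Password123 "))   # False -> 109026
```

Note that an Access-Reject is digested with the same secret, so a correct secret still gives a valid digest on a rejected login; 109026 on every reply points at the key, not at the user accounts.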