Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1649
Views
5
Helpful
1
Replies

Cisco ACS 5.2 not authenticating wireless clients with Cisco AP1142

marco.guttadauro_2
Level 1
Level 1

‎02-08-2012 01:55 AM - edited ‎03-10-2019 06:48 PM

Hi

I have a Cisco ACS Engine running v5.2 and I am trying to get it to authentication wireless clients via a Cisco AP1142.

However i am getting the following message in the acs reporting tool :

Failure Reason: 11036 The Message-Authenticator RADIUS attribute is invalid.

The description states: The Message-Authenticator RADIUS attribute is invalid. This maybe because of mismatched Sharded Secrets.

I have check the sharded secret and they are both set correctly. Is there something extra that needs setting up on the ACS server or on the Access Point, as the Access Point works well with ACS v4.2

Labels:
0 Helpful
1 Reply 1

camejia
Level 3
Level 3

‎02-08-2012 12:30 PM

Hello Marco,

I have been checking and the error 11036 The Message-Authenticator RADIUS attribute is invalid is usually related to a key mismatch.

Can you enable "debug aaa authentication" and "debug radius" and perform the test command on the AP authenticating against the ACS 5.x? The command should be:

test aaa group radius legacy

Please share the outputs. If the debugs report "failed to decrypt" then it is indeed a key mismatch.

If this was helpful please rate.

Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents