cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
1180
Views
4
Helpful
1
Replies

CS CHAP password invalid

b_learoyd
Level 1
Level 1

837 with ...

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

Dialer0

ip address negotiated

encapsulation ppp

dialer pool 1

ppp authentication chap callin

encapsulation ppp

ppp chap hostname xxxxx

ppp chap password xxxxx

ppp ipcp dns request

ppp ipcp wins request

!

using acs3.2 for windows to authenticate and get

"CS CHAP password invalid" in the "failed attempts active csv"

Authentication is proxied via BT RADII to allow access to a central site over adsl via twin BT Centrals. ACS is configured to pass back AVPairs to the originating device.

Can anyone help ? All contributions welcome.

Barry.

1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

If you are passing the authentication transaction to radius, then I think that you should specify authentication pap instead of authentication chap. The issue is that chap sends the authentication response in encrypted form (and the response is a calculated value not the password). Therefore with chap the central site router does not have the correct password to pass to radius. With pap the authentication response does send the password. So with pap the central site can send the correct password to radius.

HTH

Rick