
Integrating AAA RADIUS server with Microsoft IAS for SSH

praveenk098
Level 1

Hi,

I am configuring an aaa-server on an ASA 5505 (RADIUS), and I am using Microsoft IAS for authentication of SSH connections on the ASA. During "test aaa-server authentication" I am getting this message:

ERROR: Authentication Server not responding: AAA decode failure.. server secret mismatch

All users are there in Active Directory. Below are the debug radius and debug aaa authentication outputs.

ASA# test aaa-server authentication SSH-TULIP-ASA host 172.16.1.10 usern$

INFO: Attempting Authentication test to IP address <172.16.1.10> (timeout: 12 seconds)

radius mkreq: 0xd4

alloc_rip 0xd83bb99c

    new request 0xd4 --> 124 (0xd83bb99c)

got user 'praveeny'

got password

add_req 0xd83bb99c session 0xd4 id 124

RADIUS_REQUEST

radius.c: rad_mkpkt

RADIUS packet decode (authentication request)

--------------------------------------

Raw packet data (length = 66).....

01 7c 00 42 37 a4 0d c2 d3 10 09 0e 2f 3c c5 1a    |  .|.B7......./<..

4b 28 41 e6 01 0a 70 72 61 76 65 65 6e 79 02 12    |  K(A...praveeny..

a1 8f e1 ae 58 dd c2 52 d6 37 f7 32 13 3a 1c 71    |  ....X..R.7.2.:.q

04 06 ac 1e 1e 06 05 06 00 00 00 0e 3d 06 00 00    |  ............=...

00 05                                              |  ..

Parsed packet data.....

Radius: Code = 1 (0x01)

Radius: Identifier = 124 (0x7C)

Radius: Length = 66 (0x0042)

Radius: Vector: 37A40DC2D310090E2F3CC51A4B2841E6

Radius: Type = 1 (0x01) User-Name

Radius: Length = 10 (0x0A)

Radius: Value (String) =

70 72 61 76 65 65 6e 79                            |  praveeny

Radius: Type = 2 (0x02) User-Password

Radius: Length = 18 (0x12)

Radius: Value (String) =

a1 8f ERROR: Authentication Server not responding: AAA decode failure.. server secret mismatch

Tulip-ASA# e1 ae 58 dd c2 52 d6 37 f7 32 13 3a 1c 71    |  ....X..R.7.2.:.q

Radius: Type = 4 (0x04) NAS-IP-Address

Radius: Length = 6 (0x06)

Radius: Value (IP Address) = 172.30.30.6 (0xAC1E1E06)

Radius: Type = 5 (0x05) NAS-Port

Radius: Length = 6 (0x06)

Radius: Value (Hex) = 0xE

Radius: Type = 61 (0x3D) NAS-Port-Type

Radius: Length = 6 (0x06)

Radius: Value (Hex) = 0x5

send pkt 172.16.1.10/1645

rip 0xd83bb99c state 7 id 124

rad_vrfy() : bad req auth

rad_procpkt: radvrfy fail

RADIUS_DELETE

remove_req 0xd83bb99c session 0xd4 id 124

free_rip 0xd83bb99c

radius: send queue empty

Thanks in advance; all comments and suggestions are welcome.

Regards,

Praveen
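
The `rad_vrfy() : bad req auth` line and the "server secret mismatch" error in the debug output above are consistent with a RADIUS client failing the Response Authenticator check from RFC 2865, section 3. The following is an added example, not part of the original post and not Cisco or Microsoft code: it reuses the Identifier and Vector from the post, while the shared secrets and the reply packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Identifier and Request Authenticator ("Vector") from the debug output in the post.
REQUEST_ID = 0x7C
REQUEST_AUTH = bytes.fromhex("37A40DC2D310090E2F3CC51A4B2841E6")

ACCESS_REJECT = 3  # RADIUS code for Access-Reject


def build_response(code, ident, request_auth, attributes, secret):
    """Build a reply the way a RADIUS server does (RFC 2865, section 3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    digest = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + digest + attributes


def verify_response(packet, ident, request_auth, secret):
    """Client-side check of a reply; returns (ok, reason)."""
    if len(packet) < 20:
        return False, "short packet"
    _code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident:
        return False, "identifier mismatch"
    if length < 20 or length > len(packet):
        return False, "bad length"
    received = packet[4:20]
    attributes = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attributes + secret).digest()
    if not hmac.compare_digest(received, expected):
        return False, "bad response authenticator"
    return True, "ok"


if __name__ == "__main__":
    # Constructed secrets: the server's copy carries a trailing space.
    server_secret = b"ExampleSecret "
    client_secret = b"ExampleSecret"
    reply = build_response(ACCESS_REJECT, REQUEST_ID, REQUEST_AUTH, b"", server_secret)
    print(verify_response(reply, REQUEST_ID, REQUEST_AUTH, client_secret))
    print(verify_response(reply, REQUEST_ID, REQUEST_AUTH, server_secret))
```

Because the secret is hashed into every reply, a single differing character (case, whitespace, truncation) on either side makes each response fail verification, so the client discards the reply and reports the server as not responding.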
