04-21-2009 02:28 AM - edited 03-10-2019 04:27 PM
I am configuring AAA . I am configuring a Router so that when users will access it using line vty they should be authenticated by the Active Directory . I have configured AAA on the Router and IAS on Microsoft Windows Server 2003 .But when i type " test aaa group AUTH Administrator xxxxxxx legacy " it gives the following error
Attempting authentication test to server-group AUTH using radius
*Mar 1 01:01:04.991: AAA: parse name=<no string> idb type=-1 tty=-1
*Mar 1 01:01:04.991: AAA/MEMORY: create_user (0x6417FF80) user='Administrator' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)No authoritative response from any server.
RTR#
*Mar 1 01:01:23.647: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.16.1.243:1812,1813 is not responding.
*Mar 1 01:01:23.655: AAA/MEMORY: free_user (0x6417FF80) user='Administrator' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
*Mar 1 01:01:23.655: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.16.1.243:1812,1813 is being marked alive.
I have also used the default ports for authentication but still no use. I am able to ping radius server from router and can ping router from radius server.
The Radius server in installed on VMWARE and the Router is being emulated in Dynampis.
Following is the configuration of the router
RTR#sh run
Building configuration...
Current configuration : 863 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RTR
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius AUTH
server 172.16.1.243 auth-port 1812 acct-port 1813
!
aaa authentication login AUTH group radius
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
ip address 172.16.1.241 255.255.255.0
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.1
!
!
!
ip radius source-interface FastEthernet0/0
!
!
radius-server host 172.16.1.243 auth-port 1812 acct-port 1813 key xxxxx
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login authentication AUTH
!
!
end
Solved! Go to Solution.
04-21-2009 10:49 AM
Do you see any hits on 2003 event logs? If no then request is not reaching the radius.
Remember Dynampis some time shows abnormal behavior. Since you are able to ping then connectivity seems to be fine here.
Check the shared secret key and make sure radius ports are open , check if there is any firewall in between.
Regards,
~JG
04-21-2009 10:49 AM
Do you see any hits on 2003 event logs? If no then request is not reaching the radius.
Remember Dynampis some time shows abnormal behavior. Since you are able to ping then connectivity seems to be fine here.
Check the shared secret key and make sure radius ports are open , check if there is any firewall in between.
Regards,
~JG
04-21-2009 08:16 PM
The shared key is working fine , I checked out the Event Manager and it shows a Success of Radius in the Security Section . When I telnet into the router it asks for Username and password and after that it says Authentication Failed . Still I can see new Security logs of Radius ( success ) but from telnet it says authentication failed
04-21-2009 09:15 PM
I can see in the event viewer that the group policy is not working and looks like it has crashed and because of that i cant access shares .
the error says:
"Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this."
Does this Radius stuff when authenticating with Active Directory requires Group Policy ?
04-21-2009 11:35 PM
I installed New Windows Server because the last Windows was having problem in GPO as it was showing in the event viewer that the GPO has sort of crashed and its perfectly working fine
PROBLEM SOLVED !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide