07-22-2013 11:12 AM - edited 03-10-2019 08:40 PM
Users created in Qradar do not authenticate. Qradar is configured to use RADIUS and CHAP to authenticate the users in ACS. ACS v4.2 does not seem to allow a client to be configured such that Qradar must authenticate with ACS via CHAP in order to then send the (Qradar) user authentication request.
07-22-2013 11:26 AM
Where is the user located?
Do you see any failed authentication on ACS 4.2?
~BR
Jatin Katyal
**Do rate helpful posts**
07-22-2013 12:40 PM
Thanks for your questions.
Qradar is a SIEM, admins need to log into it to work with it. Those users need to be authenticated so Qradar authenticates to ACS. There are no failures being logged. What I see in a packet capture and my workstation is basically useless since the interaction is TLS encrypted. A few packets go back and forth then they stop. At Qadar's login screen you see "failed authentication".
Since Qradar is configured to use PAP or CHAP, I want to find where in ACS you configure the CHAP password for the device. We have other non-cisco devices that do Radius in the same way for the admin's to log into them. Something is missing in the configuration and or definition for the device (Qradar).
This is likely going to be answered by someone who authenticated F5's or other non-cisco devices using v4 of ACS.
07-22-2013 08:25 PM
I'm sure you must have gone through the below listed PDF (page 24-25 --configuring authentication)
Now, I'd like to know how you have added QRadar as a radius client in ACS 4.2 > Network configuration > Add AAA client
Also, you can create a user on ACS 4.2 > user setup > there we have 2 options (PAP or CHAP) to enter the password, you may use CHAP password for user authentication.
~BR
Jatin Katyal
**Do rate helpful posts**
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide