RADIUS+MS-CHAP+IAS authentication problem

scolombo
Cisco Employee

We're configuring dial-in access authenticated by a Microsoft 2003 IAS Server.

Here is the configuration:

aaa new-model
aaa authentication ppp dialins radius local
aaa authorization network default radius local
aaa accounting exec default start-stop radius
aaa accounting commands 15 default start-stop radius
aaa accounting network default start-stop radius
.....
interface Serial2
 physical-layer async
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 autodetect encapsulation ppp
 async default routing
 async mode interactive
 no cdp enable
 ppp authentication ms-chap chap callin dialins
...........
radius-server host 10.213.48.121 auth-port 1645 acct-port 1646
radius-server key xxxxxx

The authentication phase fails with the following errors:

*Mar 1 21:38:03: Se2 PPP: Phase is AUTHENTICATING, by this end
*Mar 1 21:38:03: Se2 CHAP: O CHALLENGE id 30 len 24 from "RADIUS-TEST"
*Mar 1 21:38:03: Se2 LCP: I IDENTIFY [Open] id 3 len 18 magic 0x53BC1EBF MSRASV 5.10
*Mar 1 21:38:03: Se2 LCP: I IDENTIFY [Open] id 4 len 23 magic 0x53BC1EBF MSRAS-1-TRINITY
*Mar 1 21:38:03: Se2 CHAP: I RESPONSE id 30 len 61 from "testras"
*Mar 1 21:38:03: AAA: parse name=Serial2 idb type=10 tty=2
*Mar 1 21:38:03: AAA: name=Serial2 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=2 channel=0
*Mar 1 21:38:03: AAA/AUTHEN: create_user (0xEC9B8) user='testras' ruser='' port='Serial2' rem_addr='async' authen_type=MSCHAP service=PPP priv=1
*Mar 1 21:38:03: AAA/AUTHEN/START (3977775049): port='Serial2' list='dialins' action=LOGIN service=PPP
*Mar 1 21:38:03: AAA/AUTHEN/START (3977775049): found list dialins
*Mar 1 21:38:03: AAA/AUTHEN/START (3977775049): Method=RADIUS
*Mar 1 21:38:03: RADIUS: ustruct sharecount=0
*Mar 1 21:38:03: RADIUS: Initial Transmit Serial2 id 63 10.213.48.121:1645, Access-Request, len 133
*Mar 1 21:38:03: Attribute 4 6 0AD52C0D
*Mar 1 21:38:03: Attribute 5 6 00000002
*Mar 1 21:38:03: Attribute 61 6 00000000
*Mar 1 21:38:03: Attribute 1 9 74657374
*Mar 1 21:38:03: Attribute 26 16 00001370B0A168A
*Mar 1 21:38:03: Attribute 26 58 0000013701341E01
*Mar 1 21:38:03: Attribute 6 6 00000002
*Mar 1 21:38:03: Attribute 7 6 00000001
*Mar 1 21:38:03: RADIUS: Received from id 63 10.213.48.121:1645, Access-Reject, len 42
*Mar 1 21:38:03: Attribute 26 22 0000013702101E45
*Mar 1 21:38:03: AAA/AUTHEN (3977775049): status = FAIL
*Mar 1 21:38:03: Se2 CHAP: Unable to validate Response. Username testras: Authentication failure
*Mar 1 21:38:03: Se2 CHAP: O FAILURE id 30 len 26 msg is "Authentication failure"
*Mar 1 21:38:03: Se2 PPP: Phase is TERMINATING
*Mar 1 21:38:03: Se2 LCP: O TERMREQ [Open] id 105 len 4
*Mar 1 21:38:03: AAA/AUTHEN: free_user (0xEC9B8) user='testras' ruser='' port='Serial2' rem_addr='async' authen_type=MSCHAP service=PPP priv=1
*Mar 1 21:38:05: Se2 LCP: TIMEout: State TERMsent

Can anyone help me with this issue?

Thanks

Stefano Colombo
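
The following is an added example, not part of the original post and not Cisco or Microsoft code: a Python decoder for the `Attribute <type> <len> <hex>` lines in the debug output above, using the attribute numbers from RFC 2865 and the Microsoft (vendor id 311) vendor-specific types from RFC 2548. It shows that the Access-Request carried an MS-CHAP-Response and the Access-Reject an MS-CHAP-Error, both with Ident 30 (the CHAP id in the PPP debug), and it reports the one line with an odd number of hex digits as undecodable instead of repairing it. All function and variable names are this example's own.

```python
import re

# Standard RADIUS attribute types (RFC 2865) that appear in the debug output.
STD = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port", 6: "Service-Type",
       7: "Framed-Protocol", 26: "Vendor-Specific", 61: "NAS-Port-Type"}
MS_VENDOR_ID = 311  # Microsoft; sub-attribute types below are from RFC 2548
MS_VSA = {1: "MS-CHAP-Response", 2: "MS-CHAP-Error", 10: "MS-CHAP-Domain",
          11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response", 26: "MS-CHAP2-Success"}
LINE = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]+)\s*$")

def decode_line(line):
    """Decode one IOS 'Attribute <type> <len> <hex>' debug line. IOS prints only
    the first bytes of a value, so nothing past that prefix is guessed."""
    m = LINE.search(line)
    if not m:
        return None
    atype, alen, hexval = int(m.group(1)), int(m.group(2)), m.group(3)
    out = {"type": atype, "name": STD.get(atype, "unknown"), "length": alen}
    if len(hexval) % 2:  # damaged dump line: report it, do not invent a digit
        out["error"] = "odd-length hex"
        return out
    raw = bytes.fromhex(hexval)
    if atype == 26 and len(raw) >= 6:
        vendor = int.from_bytes(raw[:4], "big")
        out.update(vendor_id=vendor, vendor_type=raw[4], vendor_length=raw[5])
        if vendor == MS_VENDOR_ID:
            out["name"] = MS_VSA.get(raw[4], "MS-unknown")
            if raw[4] in (1, 2) and len(raw) >= 7:
                out["ident"] = raw[6]  # Ident field, echoes the PPP CHAP packet id
    elif atype == 4 and len(raw) == 4:
        out["value"] = ".".join(str(b) for b in raw)
    elif atype in (5, 6, 7, 61) and len(raw) == 4:
        out["value"] = int.from_bytes(raw, "big")
    return out

def decode_dump(text):
    return [d for d in map(decode_line, text.splitlines()) if d]

# Attribute lines copied as they appear in the debug output posted above.
SAMPLE = """\
*Mar 1 21:38:03: Attribute 4 6 0AD52C0D
*Mar 1 21:38:03: Attribute 26 16 00001370B0A168A
*Mar 1 21:38:03: Attribute 26 58 0000013701341E01
*Mar 1 21:38:03: Attribute 26 22 0000013702101E45
"""

if __name__ == "__main__":
    for attr in decode_dump(SAMPLE):
        print(attr)
```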

1 Reply

umedryk
Level 5

Include on the ppp authentication ms-chap, and enable the same on the radius server.