Re: Authentication Active Directory is failing

eadell · ‎09-10-2004

I have the following scenario.

I have a VPN 3005 concentrator with AUTHENTICATION against AD .

The VPN 3005 and AD are in the same LAN.

I can access with WebVPN but with MS-VPN Client(w2k professional/xp) we can´t. In this case the log of VPN show always the same entries:

2157 09/10/2004 13:19:42.290 SEV=3 AUTH/5 RPT=141 150.128.190.76 Authentication rejected: Reason = Invalid passwordhandle = 200, server = (none), user = my_user, domain = MYDOMAIN

In PPTP properties of 'base group' in VPN concentrator

PPTP Authentication Protocols

If i check only the PAP protocol, the authentication user's work but any other combinations of protocols doesn't work.

In PPTP properties of MS-VPN any combination of authentication protocol have the same results.

Can anybody help me on this?

Thanks

amritpatek · ‎09-16-2004

Looks like you are facing the bug CSCdy18833. Check out the following for more information:

Authentication Failures When ACS/NT 3.0 Is Authenticating to Active Directory

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00800b1583.shtml

mhs · ‎02-10-2005

I have the same hardware and the same problem. Have you ever received a fix or way to configure this? If you have something please let me know, that would be a great help.

Paul

bljibm · ‎04-26-2005

I have a similar issue, we have users coming in on a remote VPN, authenticating with MS-CHAP/CHAP only against a RADIUS which queries an AD server.

Because we specify using MS-CHAP/CHAP for authentication we do not appear able to get webVPN users to authenticate, as I understand the VPN Concentrator uses PAP to pass password authentication details.

If any one knows how we can get the Concentrator to send webVPN passwords details in CHAP it would be appreciated.

thanks

tyoungbauer · ‎06-06-2005

Have you had any luck with this? I am having the same issue and I cannot find a solution.

Thanks

Todd