
Cisco Access Registrar 5.0 (CAR) and LDAP implementation

andres.lorat
Level 1

Hi, how are you?

I am implementing CAR 5.0 and LDAP. I ran some tests and the following error always appears in CAR:

password does not match

09/23/2010 11:19:39.759: P79: Trace of Access-Request packet
09/23/2010 11:19:39.759: P79:    identifier = 78
09/23/2010 11:19:39.759: P79:    length = 146
09/23/2010 11:19:39.759: P79:    reqauth = 97:4b:47:a8:c7:98:0f:bf:40:7e:f1:50:84:3d:91:d7
09/23/2010 11:19:39.759: P79:    User-Name = teco
09/23/2010 11:19:39.759: P79:    User-Password = b4:63:de:ba:0f:8c:40:e0:5d:f3:24:e5:86:cb:62:bb
09/23/2010 11:19:39.759: P79:    NAS-IP-Address = 186.108.26.2
09/23/2010 11:19:39.759: P79:    NAS-Port = 1
09/23/2010 11:19:39.759: P79:    Service-Type = Login
09/23/2010 11:19:39.759: P79:    Called-Station-Id = 186.108.26.2
09/23/2010 11:19:39.759: P79:    Calling-Station-Id = 190.139.109.114
09/23/2010 11:19:39.759: P79:    NAS-Identifier = Cisco_69:65:a4
09/23/2010 11:19:39.759: P79:    NAS-Port-Type = Wireless - IEEE 802.11
09/23/2010 11:19:39.759: P79:    Message-Authenticator = aa:e9:c2:11:58:4d:f0:11:64:c8:0d:ff:a7:1b:47:be
09/23/2010 11:19:39.759: P79:    Airespace-WLAN-Id = 2
09/23/2010 11:19:39.759: P79: Using Client: WLC
09/23/2010 11:19:39.759: P79: Using NAS: WLC (186.108.26.2)
09/23/2010 11:19:39.759: P79: Request is directly from a NAS: TRUE
09/23/2010 11:19:39.759: P79: Authenticating and Authorizing with Service ldap
09/23/2010 11:19:39.759: P79: Service ldap: Sending request to remote server ldapserver
09/23/2010 11:19:39.759: P79:  Filter = (uid=teco)
09/23/2010 11:19:39.759: searchpath = OU=LDAP-USERS,DC=italtel,DC=ar
09/23/2010 11:19:39.759: Filter = (uid=teco)
09/23/2010 11:19:39.759: P79: Remote LDAP Server ldapserver: searching with scope: SubTree
09/23/2010 11:19:39.761: id = 1
09/23/2010 11:19:39.761: P79: Remote LDAP Server ldapserver (186.108.26.11:389:Connection:3): Querying LDAP server, id = 1.
09/23/2010 11:19:39.762: P79: Remote LDAP Server ldapserver (186.108.26.11:389): Got LDAP response,  id = 1.
09/23/2010 11:19:39.762: P79: Remote LDAP Server ldapserver (186.108.26.11:389): User teco's password does not match
09/23/2010 11:19:39.762: P79: Adding Message-Authenticator to response
09/23/2010 11:19:39.762: P79: Trace of Access-Reject packet
09/23/2010 11:19:39.762: P79:    identifier = 78
09/23/2010 11:19:39.762: P79:    length = 54
09/23/2010 11:19:39.762: P79:    respauth = f2:9f:a3:5f:0a:36:4b:69:c2:c0:f2:4e:78:c3:da:0d
09/23/2010 11:19:39.762: P79:    Reply-Message = Access Denied

Please, let me know your opinion about this issue.

Thanks a lot.

Andrés.

1 Reply

jedubois
Cisco Employee

Anders,

Are you using bind-based authentication or are you retrieving the password from the external database? Can you post your LDAP configuration here? Also make sure your shared secret is correct between your CAR server and your NAS, as the only thing encrypted in RADIUS is the password, so if the shared secret is incorrect it will show up as a bad password error in CAR.

--Jesse
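
The shared-secret point in the reply above, as an added example that is not part of the original thread: RFC 2865 User-Password hiding in Python, showing that a server holding a different shared secret recovers garbage and therefore reports a password mismatch. The Request Authenticator is the one from the trace; the secrets, the password and the `server_check` helper are constructed for illustration, and the comparison models the retrieve-the-password case rather than CAR's own code.

```python
"""RFC 2865 section 5.2 User-Password hiding, seen from both ends."""
import hashlib

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: XOR the zero-padded password with an MD5 keystream."""
    if len(request_auth) != 16 or len(password) > 128:
        raise ValueError("bad authenticator or password length")
    blocks = max(1, -(-len(password) // 16))          # at least one 16-byte block
    padded = password.ljust(blocks * 16, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()     # b1 = MD5(S + RA), bi = MD5(S + c(i-1))
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += block
        prev = block
    return hidden

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: same keystream, so only the same secret gives the password back."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128 or len(request_auth) != 16:
        raise ValueError("malformed User-Password attribute")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def server_check(hidden, server_secret, request_auth, directory_password):
    """Hypothetical helper: compare the recovered password with the directory's copy."""
    return recover_password(hidden, server_secret, request_auth) == directory_password

# Request Authenticator copied from the trace in the question.
REQAUTH = bytes.fromhex("97:4b:47:a8:c7:98:0f:bf:40:7e:f1:50:84:3d:91:d7".replace(":", ""))
# Constructed values: neither the real secret nor the real password is on the page.
NAS_SECRET = b"constructed-nas-secret"
USER_PASSWORD = b"constructed-pass"

if __name__ == "__main__":
    hidden = hide_password(USER_PASSWORD, NAS_SECRET, REQAUTH)
    print("User-Password on the wire:", hidden.hex(":"))
    print("same secret  ->", server_check(hidden, NAS_SECRET, REQAUTH, USER_PASSWORD))
    print("other secret ->", server_check(hidden, b"constructed-car-secret", REQAUTH, USER_PASSWORD))
```

The decode never fails outright with the wrong secret; it simply yields different bytes, which is why the symptom is a password mismatch rather than a protocol error.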
