VPN 3000 shows 'Authentication rejected: Group password is not configured'

JOOST HAGE
Level 1

I'm trying to set up Radius authentication on a 3015 with an ACS 3.1 server.

When testing the authentication, I'm receiving the following log:

Authentication rejected: Reason = Group password is not configured

handle = 27, server = 10.16.10.14, user = test, domain = <not specified>

On the ACS (logs), authentication seems successful, so it's not the Radius-secret (also, when changed the response changes to 'Authentication rejected: Unspecified') or the user credentials (which receive the same response when entered incorrectly).

Also, I've configured a different Radius-server (Funk) with the same credentials, and that one's doing fine.

So, what am I doing wrong? Anyone?

Grtz, Joost

4 Replies

JOOST HAGE
Level 1

Found the problem. On ACS, I had the 'ip address assignment: assigned by dial-up client' option enabled (in group settings).

I saw the difference in response between the two radius-servers (yay ethereal) and changed the setting to 'no ip assignment'. This solved the problem (sigh...)

Grtz, Joost

I was glad to find your post, as I am having the same problem... However, I am still receiving the error after setting 'no ip assignment'. Did you do anything else?

Thank You!

Chris

In general, I'd say that the log message is an incorrect 'I don't know what was in the radius return packet' message of the Concentrator. When the radius shared-secret is incorrect this makes sense, as the packets (to-and-fro) will be encrypted using the wrong shared key (and the response will indeed be a garbled packet the concentrator cannot understand).

However, I believe it also generates this message when a Radius-option is returned the Concentrator doesn't understand.

Your best bet (I think...) will be to disable all specific Radius options, see if authentication works, and then enable options you require until you 'break' communication.

Hope this helps.

Grtz, Joost
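
The comparison of two RADIUS servers' replies described in this thread can be scripted instead of read by eye in a packet capture. The following is an added example, not part of any post: it parses the attribute list of two Access-Accept packets (RFC 2865 layout) and reports what only one of them carries. Both packets are constructed samples, and the extra Framed-IP-Address attribute in the failing one is an assumption about what the ACS setting might add, not a value taken from the thread.

```python
import ipaddress
import struct

# Subset of RFC 2865 attribute types; anything else is shown by number.
ATTR_NAMES = {6: "Service-Type", 7: "Framed-Protocol", 8: "Framed-IP-Address"}

def parse_attrs(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def render(atype: int, value: bytes) -> str:
    """Format one attribute as Name=value for comparison and display."""
    name = ATTR_NAMES.get(atype, f"Type-{atype}")
    if atype == 8 and len(value) == 4:
        return f"{name}={ipaddress.IPv4Address(value)}"
    if atype in (6, 7) and len(value) == 4:
        return f"{name}={int.from_bytes(value, 'big')}"
    return f"{name}=0x{value.hex()}"

def diff_attrs(a: bytes, b: bytes):
    """Return (only_in_a, only_in_b) as sorted lists of rendered attributes."""
    ra = {render(t, v) for t, v in parse_attrs(a)[1]}
    rb = {render(t, v) for t, v in parse_attrs(b)[1]}
    return sorted(ra - rb), sorted(rb - ra)

def build_accept(ident: int, attrs) -> bytes:
    """Build a constructed Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 2, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample replies, not captures from the thread.
COMMON = [(6, (2).to_bytes(4, "big")), (7, (1).to_bytes(4, "big"))]
WORKING = build_accept(27, COMMON)
FAILING = build_accept(27, COMMON + [(8, bytes.fromhex("ffffffff"))])  # assumed extra

print(diff_attrs(WORKING, FAILING))
```

With real traffic, pass the UDP payload of each server's reply (exported from the capture) to `diff_attrs` in place of the constructed packets.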