Hello,

rhienwei2010 · ‎09-06-2016

Hello experts

I have a Windows 2012 Radius server setup for my ASA(ver 9.4). First I used service type NAS Prompt, then when tested on the ASA against the Radius server, authentication was successful, but authorization failed, error authorization rejected: AAA failed.

Then I changed Radius to use service-type LOGIN, then test on ASA was successful for both authorization and authentication, but when I used aaa authorization http console RADIUS, I still got authorization rejected error.

Can someone please give me a guild of how to use WIN Radius server for ASA authorization(not authentication)?

thanks a lot.

ramos1 · ‎03-30-2017

Similar issue here. I had a working AAA configuration with RADIUS and Win 2012 on IOS 9.1.6. I just upgraded to 9.4.4 and it stopped working. I found that if I disable aaa authorization entirely, the authentication and accounting pieces work.

Also of interest is ssh to the CLI never stopped working with all three "AAA's" configured. This only impacted http (ASDM). Bug in 9.4?

gbercsenyi · ‎04-02-2017

Hello,

Have you found solution for this issue?

Thank you,

Gabor

rhdoughten · ‎05-04-2017

Same issue here, too. Running ASA 9.5(2) and ASDM 7.7(1)151.

Also, I'm using service-type ADMINISTRATIVE. This was the only setting that would give me automatic authorization (to enable mode) in SSH. When logging into ASDM, it will authenticate but fails the authorization.

No resolution found yet.

Windows 2012 Radius failed authorization on ASA