11-08-2007 06:26 AM
We use TAC AAA and that TAC box points to our Active directory for authentication. Only some users our having this issue and We have verified that those users are apart of the same group as users who are able to connect.
Nov 8 09:22:02 EST: As3/23 PPP: Using dialer call direction
Nov 8 09:22:02 EST: As3/23 PPP: Treating connection as a callin
Nov 8 09:22:02 EST: As3/23 PPP: Authorization required
Nov 8 09:22:02 EST: As3/23 DDR: Dialer statechange to up
Nov 8 09:22:02 EST: As3/23 DDR: Dialer received incoming call from <unknown>
Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: O CHALLENGE id 3 len 37 from "lclas5400d-on.ca"
Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: I RESPONSE id 3 len 61 from "bwillco"
Nov 8 09:22:03 EST: As3/23 PPP: Sent MSCHAP_V2 LOGIN Request
Nov 8 09:22:03 EST: As3/23 PPP: Received LOGIN Response FAIL
Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: O FAILURE id 3 len 13 msg is "E=691 R=0"
11-14-2007 02:39 PM
Workaround: Do not use EAP. Rather, use CHAP, PAP, or MSCHAP, or configure EAP to authenticate locally by entering the ppp eap local command. Doing so requires AAA to be configured to authenticate PPP locally and the users that must be authenticated to be defined locally.
11-27-2007 03:15 PM
Have you checked the IAS log for the matching MS-CHAP failure.
It could be a reversible password encryption issue with the AD user accounts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide