Certificate required on server using ms-chap v2

ncasiraghi · ‎11-03-2004

Hi,

on a 3640 RAS, I set up ms-chap v2 to support windows password change. The authentication of the clint dialing in is performed by cisco ACS using Radius and windows database.

The client pass the authentication and the connection is set up, but immediately after I receive a message on the client telling that "It was not possible to verify the identity of the server" (windows error 778)

Can anyone help me ?

Thanks in advance!

jduffek · ‎11-03-2004

Not sure. Can you grab the following:

debug modem

debug ppp nego

debug ip peer

debug aaa authen

debug aaa author

debug radius

Thanks,

Josh

makchitale · ‎11-03-2004

What IOS image do we have on the 3640 RAS? This bug is caused by CSCeb73055 and fixed by CSCec12645

The following IOS images onwards should have the fix committed; 12.3(02)T09 /12.3(07)XI / 12.3(04.04)B / 12.3(03.09)T02 / 012.003(004.002) / 12.3(03.08)PI02

A possible work around is to enable network authorization (aaa authorization network xxxxxxx)

Thanks, Mak

ncasiraghi · ‎11-08-2004

Thanks Mak,

I changed the IOS version during the week-end and the problem has disappeared.

Before, I had IOS 12.2(15)T13, now I've IOS 12.3(11)T

Thanks again.

Nicola