
eazyvpn / freeradius authentication issue

Hi,

I've configured FreeRADIUS as such and I know it works.

The ASA version is 9.1(3).

FREERAD CONFIG

client myasa {
        ipaddr = <ipofasa>
        netmask = 24
        secret = cisco123
        nastype = cisco
}

testuser Cleartext-Password := "testuser"
  Service-Type = NAS-Prompt-User

From the ASA:

myasa # test aaa-server authentication FREERAD
Server IP Address or name: 10.80.250.13
Username: testuser
Password: ********
INFO: Attempting Authentication test to IP address <10.80.250.13> (timeout: 10 seconds)
INFO: Authentication Successful

Interesting ASA config:

aaa-server FREERAD protocol radius
aaa-server FREERAD (inside) host 10.80.250.13
 timeout 5
 key *****
 authentication-port 1812
group-policy EZVPN internal
group-policy EZVPN attributes
 dns-server value 10.x.x.x
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_splitTunnelAcl
 default-domain value somedomain.com
 nem enable
tunnel-group EZVPN type remote-access
tunnel-group EZVPN general-attributes
 address-pool EZVPNPOOL
 authentication-server-group FREERAD
 default-group-policy EZVPN
tunnel-group EZVPN ipsec-attributes
 ikev1 pre-shared-key *****

Anyway, the response the ASA gets from FreeRADIUS is:

%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.80.250.13 : user = testuser

But when I do it using the TEST command it works just fine, and I just can't figure out why.

Thanks for any help.

This is what I get from the FreeRADIUS logs:

Thu Jan 30 11:18:49 2014 : Auth: Login incorrect: [testuser/testuser] (from client MYASA port 4317184 cli x.x.x.x)
