Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2225
Views
0
Helpful
3
Replies

Local Radius Authentication - Fails

d-garnett
Level 6
Level 6

‎02-19-2005 01:15 PM - edited ‎07-04-2021 10:28 AM

Hello all,

Access Point 1230AG (c1200-k9w7-mx.123-2.JA)

Client Adapter ABG (PCI)

I am new to Wireless Lan configuration with Aironet products (first project). I am configuring an Access Point for a small LAN and i can not get local radius authentication working. The password always fails if I try:

test aaa group radius xxxxx port 1812 new-code

although the password is matching..........

another thing is that in the configuration, it always defaults to 'nthash' mode. is this normal? in other words if i type:

radius-server local

user dgarnett password xxxx

when i do a 'show run' it displays as

user xxxx

I also get the following during a debug:

There is no RADIUS DB Some Radius attributes may not be stored

any help greatly appreciated

_______________________________________

ap#test aaa group radius dgarnett 123456789 port 1812 new-code

Trying to authenticate with Servergroup radius

User rejected

ap#

Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14

Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14

Feb 19 20:57:44.535: RADIUS(00000000): sending

Feb 19 20:57:44.535: RADIUS(00000000): Send Access-Request to 10.14.14.14:1812 id 21645/14, len 64

Feb 19 20:57:44.535: RADIUS: authenticator 9C C4 E8 64 80 8B 64 8A - E7 5F 0A 64 14 2F 5D B6

Feb 19 20:57:44.536: RADIUS: User-Password [2] 18 *

Feb 19 20:57:44.536: RADIUS: User-Name [1] 10 "dgarnett"

Feb 19 20:57:44.536: RADIUS: Service-Type [6] 6 Login [1]

Feb 19 20:57:44.536: RADIUS: NAS-IP-Address [4] 6 10.14.14.14

Feb 19 20:57:44.536: RADIUS: Nas-Identifier [32] 4 "ap"

Feb 19 20:57:44.537: RADSRV: Client dgarnett password failed

Feb 19 20:57:44.537: RADIUS: Received from id 21645/14 10.14.14.14:1812, Access-Reject, len 88

Feb 19 20:57:44.538: RADIUS: authenticator 3C B3 9A 7F 61 27 3A A6 - 84 39 B6 DF 22 DF 45 26

Feb 19 20:57:44.538: RADIUS: State [24] 50

Feb 19 20:57:44.538: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]

Feb 19 20:57:44.539: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]

Feb 19 20:57:44.539: RADIUS: 6B 7C 18 EA F0 20 A4 E5 B1 28 0E BD 57 61 24 9A [k|??? ???(??Wa$?]

Feb 19 20:57:44.539: RADIUS: Message-Authenticato[80] 18 *

Feb 19 20:57:44.539: RADIUS(00000000): Received from id 21645/14

Feb 19 20:57:44.539: RADIUS(00000000): Unique id not in use

Feb 19 20:57:44.540: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored

Labels:
35246-ap1200-config.txt
0 Helpful
3 Replies 3

d-garnett
Level 6
Level 6

‎02-19-2005 02:39 PM

Just as an update.......I set this up authenticating to an external (ACSNT) Radius server and it authenticates successfully. But still will not for the local dbase. My goal is to use the Corporate ACS as primary and the local as backup. I think my problem has to do with the Radius attributes 24 (State) and 80 (Message Auth). I also think that it points back to the NTHash stuff. Please advise as I am not new security practices and wireless, but I am new to Cisco Wireless networking.

0 Helpful

marcoadolfo
Level 1
Level 1
In response to d-garnett

‎07-23-2005 09:01 AM

Hi !!

I have the same problem to authenticate with the db local.

how you have resolved? thanks

0 Helpful

d-garnett
Level 6
Level 6
In response to marcoadolfo

‎07-24-2005 07:10 PM

Yes this issue was resolved by upgrading from c1200-k9w7-mx.123-2.JA to c1200-k9w7-mx.123-2.JA2

Good Luck

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card