Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2658
Views
0
Helpful
9
Replies

IOS XR and Freeradius

Alexander Istomin
Level 1
Level 1

‎02-05-2019 05:02 AM

Hello everyone!

 

I'm trying to configure AAA authentication on my ASR9K box with remote freeradius server and the problem is that ios xr prepands extra symbols to User-Password attribute:

User-Password = "qwerty\000\001P\036`\264O\223\265|"

as result i get this message:

pap: ERROR: MD5 digest does not match "known good" digest

 

How can i fix that?

 

2 people had this problem
Labels:
0 Helpful
9 Replies 9

Aleksandar Vidakovic
Cisco Employee
Cisco Employee

‎02-11-2019 07:30 AM

This is very strange because ASR9k should not prepend any characters. Are you sure it's the asr9k who does the prepending? What IOS XR release are you running?

0 Helpful

Alexander Istomin
Level 1
Level 1
In response to Aleksandar Vidakovic

‎02-11-2019 08:27 AM

Aleksandar,

 

my assumption is based on fact, that there is no problem with other devices that use same radius server.

For an example all is ok with ASR1k, 7604, ME3600x.

I use same configuration of AAA, secret key and user/password for all devices.

0 Helpful

Aleksandar Vidakovic
Cisco Employee
Cisco Employee
In response to Alexander Istomin

‎02-11-2019 08:45 AM

what IOS XR release are you running on the asr9k?

0 Helpful

Alexander Istomin
Level 1
Level 1
In response to Aleksandar Vidakovic

‎02-11-2019 08:52 AM

Version 5.3.4

disk0:asr9k-mpls-px-5.3.4

disk0:asr9k-mini-px-5.3.4
disk0:asr9k-mgbl-px-5.3.4
disk0:asr9k-mcast-px-5.3.4
disk0:asr9k-k9sec-px-5.3.4
disk0:asr9k-fpd-px-5.3.4
disk0:asr9k-px-5.3.4.sp3-1.0.0
disk0:asr9k-doc-px-5.3.4

0 Helpful

Aleksandar Vidakovic
Cisco Employee
Cisco Employee
In response to Alexander Istomin

‎02-11-2019 09:14 AM

This doesn't ring a bell and I also can't find records of similar bugs in our database. I see that you are still running SP3. Could you install the latest Service Pack (SP9). If the problem still remains, you can use "debug radius authentication" and "debug radius detail" to see what the asr9k is sending to and receiving from the radius server.

0 Helpful

giacomovolpi
Level 1
Level 1

‎12-10-2019 05:13 AM

Hello Alexander,
I'm experiencing your same issue with version disk0:asr9k-os-mbi-6.1.4
Other asr9k with disk0:asr9k-os-mbi-6.4.2 it's working fine.

Did you find any workaround to fix in older version?

Thanks,
Giacomo
0 Helpful

Alexander Istomin
Level 1
Level 1
In response to giacomovolpi

‎01-13-2020 07:13 AM

Hello!
The bug was opened on this case:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi31649

I did't have time to try workaround because changed my job.
0 Helpful

vladdar1349
Level 1
Level 1

‎02-11-2020 07:19 AM

Hello, this is unrelated but could you post the config for the ASR9k freeradius authentication.

I have problems  with MSCHAPv2 authentication. Is it even supported? We are using it without issues on Cisco Nexuses.

Thanks

0 Helpful

Piperflyer
Level 1
Level 1

‎02-08-2021 05:34 PM

I'm having the same problem on 5.3.4

0 Helpful
Customers Also Viewed These Support Documents