Re: Radius authentication Issues

From: Andrew Mitchell (amitchell_at_removecasey.vic.gov.au)
Date: 09/23/04


Date: Thu, 23 Sep 2004 05:05:01 -0700


"Jim" <anonymous@discussions.microsoft.com> said

> I have recently setup an IAS server. We are using a Cisco
> 3600 router to gain dial up access and authenticating via
> IAS. The event logs on the server show that the user is
> granted access, but the user gets a message:
>
> Error 691:Access was denied because the username and/or
> password was invalid on the domain.
>

I'm having the same problem pointing a Cisco 3640 at IAS.
What did you select for your client vendor? I selected RADIUS standard but
I'm going to try Cisco (as soon as I can find a period when no users are on
the RAS device.....)

I found the following on another forum, which is pretty much what I did
(except I selected RADIUS standard instead of Cisco)

----------------------------------------

On Cisco enter the following commands.

aaa authentication login default group radius local
radius-server host x.x.x.x auth-port 1645 acct-port 1646 non-standard
radius-server retransmit 3
radius-server key <enter shared secret here>

On IAS server.

Create a new client with the IP address of the Cisco router and select
Cisco for "Client-Vendor" and enter the "radius-server key" you entered on
the Cisco router as Shared secret.

Go to Remote Access Policies and click on "Grant remote access permission".
And click Edit Profile.

Go to Authentication Tab and select only "Unencrypted Authentication
(PAP,SPAP)"
Go to Encryption Tab and select "No encryption"
(Other combinations also might work)

Note.
If the machine running IAS is part of an NT domain you need to create users
in the Domain. If not, local users would do.

Enable "Grant Dial-in permission" for whichever user you need to enable
Radius auth on the router.

-- 
Andy.

