Radius configurarion problem.... any ideas?

[Dave Bradley]

I'm trying to configure an access router to work with the microsoft radius
server (IAS). To me all the configuration looks fine although all the cisco
radius options are a little confusing.

When I test the system whilst running raduis debug I get the following error

RADIUS: Received from id 12 172.16.1.17:1645, Access-Reject, len 20

This apparently is indicating an incorrect passord or secret as cicsco call
it. All passwords and port number are the same at both cisco and radius
server, oh dear!!

hear is the radius portion of the cisco config

-------
aaa new-model
aaa authentication login default radius
aaa authentication ppp default radius
aaa authorization network radius local
aaa accounting network start-stop radius
radius-server host 172.16.1.17 auth-port 1645 acct-port 1646
radius-server key radius

like I say the radius password at the microsoft radius end is also "radius"
and the ports are identical!!

[fritos]

put a debug radius....and send it to the news group
Dave Bradley > a écrit dans le message
<983177175.23201.0...@news.demon.co.uk>...

[fritos]

show us a debug radius....

[Stephen Linney]

Dave,

Few things to note:

1. Are you getting your Radius program to authenticate off an NT SAM
database, and if so you will need to make sure that you are passing PAP
passwords from your Access server. If this is the case then the
Access-Reject you are getting could in fact be a real reject because the SAM
database doesn't understand a CHAP password.

2. Get a test Radius program which saves you the hassle of having to keep
dialling in to test. I use one called NTRadPing which is one of the best I
have seen: http://www.nttacplus.com/

Hope this helps.

Steve

"Dave Bradley" <dbradley@[no spam]magnet.co.uk> wrote in message
news:983177175.23201.0...@news.demon.co.uk...

[Dave Bradley]

%LINK-3-UPDOWN: Interface Async71, changed state to up
RADIUS: Initial Transmit id 12 172.16.1.17:1645, Access-Request, len 90
Attribute 4 6 AC100115
Attribute 5 6 00000047
Attribute 61 6 00000000
Attribute 1 8 72616469
Attribute 31 13 30313533
Attribute 3 19 37EECBEA
Attribute 6 6 00000002
Attribute 7 6 00000001
%LINEPROTO-5-UPDOWN: Line protocol on Interface Async74, changed state to
down

RADIUS: Received from id 12 172.16.1.17:1645, Access-Reject, len 20

%LINK-5-CHANGED: Interface Async74, changed state to reset
%LINK-5-CHANGED: Interface Async71, changed state to reset
%LINK-3-UPDOWN: Interface Async74, changed state to down

fritos <fri...@free.fr> wrote in message
news:97e0vf$qed$1...@reader1.fr.uu.net...

[Dave Bradley]

%LINK-3-UPDOWN: Interface Async71, changed state to up
RADIUS: Initial Transmit id 12 172.16.1.17:1645, Access-Request, len 90
Attribute 4 6 AC100115
Attribute 5 6 00000047
Attribute 61 6 00000000
Attribute 1 8 72616469
Attribute 31 13 30313533
Attribute 3 19 37EECBEA
Attribute 6 6 00000002
Attribute 7 6 00000001
%LINEPROTO-5-UPDOWN: Line protocol on Interface Async74, changed state to
down

RADIUS: Received from id 12 172.16.1.17:1645, Access-Reject, len 20

%LINK-5-CHANGED: Interface Async74, changed state to reset
%LINK-5-CHANGED: Interface Async71, changed state to reset
%LINK-3-UPDOWN: Interface Async74, changed state to down
fritos <fri...@free.fr> wrote in message
news:97e0vf$qed$1...@reader1.fr.uu.net...

> show us a debug radius....
>
>
>
>

[Dave Bradley]

Thanks that's a very program. I was trying to authenticate from the NT SAM,
that is my intention although I'm not completely certain if it's happening.
Should the radius server be installed on a domain controller? I'm assuming
as the radius server is a member of the domain it's using the NT SAM, it's
installed on a member server.

It's still failing from NTRadPing but it's responding fine.

Stephen Linney <stephen...@nospamcwo.net.au> wrote in message
news:zgAm6.4$i%2....@news0.optus.net.au...