Re: IAS Rejects Credentials - Help!

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 03/25/04


Date: Thu, 25 Mar 2004 18:41:54 +1100

It would be nice to see the Windows event log entry from IAS - that will
give more information. In the meantime, I'd suggest using "domainname\nancy"
or "nancy@yourcorpdomain.net" (Windows UPN) instead of just "nancy" for
login.

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Bill" <anonymous@discussions.microsoft.com> wrote in message
news:A9AB6B2D-3A79-46AF-88F1-BBEB94EDE651@microsoft.com...
> Hi.  I have a Cisco 2621 configured as a VPN server and I want to use IAS
> as a RADIUS server.  IAS is running on Windows 2000 Server in a DMZ.  I am
> using the Cisco VPN client (4.03c). I have checked and rechecked usernames,
> passwords, policies and router and IAS configurations and security settings
> but this still will not work.  It looks like it should: the router is talking
> to the radius server. Below is the dialog on the router from IAS:
>
> 1w2d: RADIUS: Pick NAS IP for u=0x82B9684C tableid=0 cfg_addr=0.0.0.0
> 1w2d: RADIUS: ustruct sharecount=2
> 1w2d: Radius: radius_port_info() success=1 radius_nas_port=1
> 1w2d: RADIUS/ENCODE: Best Local IP-Address 203.34.xx.yyy for Radius-Server 203.34.xx.yyy
> 1w2d: RADIUS(00000000): Send Access-Request to 203.34.xx.yyy:1645 id 1645/55, len 82
> 1w2d: RADIUS:  authenticator 3B 47 8D E5 F8 91 91 85 - 03 E2 D7 E2 D6 28 6A F4
> 1w2d: RADIUS:  NAS-IP-Address      [4]   6   203.34.xx.zzz
> 1w2d: RADIUS:  NAS-Port            [5]   6   500
> 1w2d: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
> 1w2d: RADIUS:  User-Name           [1]   10  "nancy"
> 1w2d: RADIUS:  Calling-Station-Id  [31]  16  "203.40.199.251"
> 1w2d: RADIUS:  User-Password       [2]   18  *
> 1w2d: RADIUS: Received from id 1645/55 203.34.xx.yyy:1645, Access-Reject, len 20
>
> I have run out of ideas.  Can anyone please shed some light on this for me?
> Cheers,
> Bill
>
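
The following is an added example, not part of the original thread: a small Python parser for the router debug output quoted above that checks the points the reply raises, namely whether User-Name is a bare name rather than a domain\user or UPN form and whether the Access-Reject carries any attributes. It also checks that the declared attribute lengths add up to the packet length and that the User-Name length agrees with the text shown. The finding labels are hypothetical names chosen for this example.

```python
import re

# Debug lines from the post above, wrapped lines rejoined; addresses as masked there.
TRACE = '''\
1w2d: RADIUS(00000000): Send Access-Request to 203.34.xx.yyy:1645 id 1645/55, len 82
1w2d: RADIUS:  NAS-IP-Address      [4]   6   203.34.xx.zzz
1w2d: RADIUS:  NAS-Port            [5]   6   500
1w2d: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
1w2d: RADIUS:  User-Name           [1]   10  "nancy"
1w2d: RADIUS:  Calling-Station-Id  [31]  16  "203.40.199.251"
1w2d: RADIUS:  User-Password       [2]   18  *
1w2d: RADIUS: Received from id 1645/55 203.34.xx.yyy:1645, Access-Reject, len 20
'''

SEND = re.compile(r"Send (\S+) to \S+ id (\S+), len (\d+)")
RECV = re.compile(r"Received from id (\S+) \S+, ([\w-]+), len (\d+)")
ATTR = re.compile(r"RADIUS:\s+([\w-]+)\s+\[(\d+)\]\s+(\d+)\s+(.*\S)")
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16), RFC 2865

def parse_exchange(text):
    """Parse one request/reply pair; attrs maps name -> (declared length, raw value)."""
    req, reply = None, None
    for line in text.splitlines():
        if m := SEND.search(line):
            req = {"code": m[1], "id": m[2], "len": int(m[3]), "attrs": {}}
        elif m := RECV.search(line):
            reply = {"id": m[1], "code": m[2], "len": int(m[3])}
        elif req and (m := ATTR.search(line)):
            req["attrs"][m[1]] = (int(m[3]), m[4])
    return req, reply

def diagnose(req, reply):
    """Return short findings to check before touching IAS policy."""
    findings = []
    if HEADER_LEN + sum(n for n, _ in req["attrs"].values()) != req["len"]:
        findings.append("trace-incomplete")          # attributes missing from the paste
    declared, raw = req["attrs"]["User-Name"]
    name = raw.strip('"')
    if "\\" not in name and "@" not in name:
        findings.append("bare-username")             # no DOMAIN\user or UPN qualifier
    if declared - 2 != len(name):
        findings.append("username-length-mismatch")  # wire length differs from text shown
    if reply and reply["id"] == req["id"] and reply["code"] == "Access-Reject" \
            and reply["len"] == HEADER_LEN:
        findings.append("reject-without-attributes") # header only, no Reply-Message
    return findings

if __name__ == "__main__":
    print(diagnose(*parse_exchange(TRACE)))
```

A reject of exactly 20 bytes carries no attributes, so the reason has to come from the server side, which is why the reply asks for the IAS event log entry.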

