Re: IAS Rejects Credentials - Help!

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 03/25/04


Date: Thu, 25 Mar 2004 18:41:54 +1100

It would be nice to see the Windows event log entry from IAS - that will
give more information. In the meantime, I'd suggest using "domainname\nancy"
or "nancy@yourcorpdomain.net" (Windows UPN) instead of just "nancy" for
login.

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Bill" <anonymous@discussions.microsoft.com> wrote in message
news:A9AB6B2D-3A79-46AF-88F1-BBEB94EDE651@microsoft.com...
> Hi.  I have a Cisco 2621 confugured as a VPN server and I want to use IAS
as a RADIUS server.  IAS is running on Windows 2000 Server in a DMZ.  I am
using the Cisco VPN client (4.03c). I have checked and rechecked usernames,
passwords, policies and router and IAS configurations and security settings
but this still will not work.  I looks like it should: the router is talking
to the radius server below is the dialog on the router from IAS:
>
> 1w2d: RADIUS: Pick NAS IP for u=0x82B9684C tableid=0 cfg_addr=0.0.0.0
> 1w2d: RADIUS: ustruct sharecount=2
> 1w2d: Radius: radius_port_info() success=1 radius_nas_port=1
> 1w2d: RADIUS/ENCODE: Best Local IP-Address 203.34.xx.yyy for Radius-Server
203.34.xx.yyy
> 1w2d: RADIUS(00000000): Send Access-Request to 203.34.xx.yyy:1645 id
1645/55, len 82
> 1w2d: RADIUS:  authenticator 3B 47 8D E5 F8 91 91 85 - 03 E2 D7 E2 D6 28
6A F4
> 1w2d: RADIUS:  NAS-IP-Address      [4]   6   203.34.xx.zzz
> 1w2d: RADIUS:  NAS-Port            [5]   6   500
> 1w2d: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
> 1w2d: RADIUS:  User-Name           [1]   10  "nancy"
> 1w2d: RADIUS:  Calling-Station-Id  [31]  16  "203.40.199.251"
> 1w2d: RADIUS:  User-Password       [2]   18  *
> 1w2d: RADIUS: Received from id 1645/55 203.34.xx.yyy:1645, Access-Reject,
len 20
>
> I have run out of ideas.  Can anyone please shed some light on this for
me?
> Cheers,
> Bill
>