Solved

RADIUS Issue

Posted on 2006-06-16
4
1,836 Views
Last Modified: 2013-11-16
I am trying to get RADIUS working when clients access a certain website, the setup is as follows:


[client]--------->[PIX 515e]----------->[webserver]
                              |
                              |
                              |
                     [Radius Server]


The way it should work is, a client accesses www.<website>.com, a window opens pops up and prompts for authentication credentials, those credentials get passed to the Radius server, the Radius server accepts and sends back to the PIX and the client gets through.

Now, I have most of this working, I have a PIX 515e and a Windows 2003 EE server running IAS.  When I access the website, it gives me the box prompting for a password, and the PIX is communicating with the Windows server with the RADIUS protocol (I verified this with Ethereal).  The problem is, authentication fails every time (using Ethereal I see that the Windows server passes an Access-Reject RADIUS packet back).  The Radius server is not on a domain and I have created simple local user accounts on the Windows server to use for authentication, however I can't get it working.

Is there some special secret to getting the RADIUS server to authenticate or what?
0
Comment
Question by:TheTull
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 7

Author Comment

by:TheTull
ID: 16923144
Update:

The IAS Log file is indicating an "IAS_INVALID_AUTH_TYPE" Error.
0
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 16923147
This article tell how to configure windows 2003 IAS to work with PIX.

Its for Cisco VPN clients, but it is same for any RADIUS authentication.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml#config-2003
0
 
LVL 7

Author Comment

by:TheTull
ID: 16923206
Excellent, it's working now

Looks like I had to enable Unencrypted (PAP, SPAP) to get it to work.  
0
 
LVL 13

Expert Comment

by:prashsax
ID: 16923232
Good to know its working.

ThankQ.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question