Link to home
Create AccountLog in
Avatar of smith9069
smith9069

asked on

Cisco ERROR: Authentication Rejected: Invalid password

I am trying to setup ASA as VPN using IAS authentication. When using this command "test aaa authentication IASIP12 host 10.0.0.12" to test it. I receive ERROR: Authentication Rejected: Invalid password. I know I have correct password and I have tried different username. In the Windows Event I also receive these two events:

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    540
User:        DOMAIN\blin
Computer:    DEVICES1
Description:
Successful Network Logon:
     User Name:    BLin
     Domain:        DOMAIN
     Logon ID:        (0x0,0xB277183E)
     Logon Type:    3
     Logon Process:    IAS
     Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
     Workstation Name:    
     Logon GUID:    -
     Caller User Name:    DEVICES1$
     Caller Domain:    DOMAIN
     Caller Logon ID:    (0x0,0x3E7)
     Caller Process ID: 1188
     Transited Services: -
     Source Network Address:    -
     Source Port:    -
Event Type:    Warning
Event Source:    IAS
Event Category:    None
Event ID:    2
User:        N/A
Computer:    DEVICES1
Description:
User blin was denied access.
 Fully-Qualified-User-Name = chicagotech.net/Users/Bob Lin
 NAS-IP-Address = 172.16.252.254
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = 000.000.000.000
 Client-Friendly-Name = ASAVPN
 Client-IP-Address = 172.16.252.254
 NAS-Port-Type = Virtual
 NAS-Port = <not present>
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = All
 Authentication-Type = PAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    540
Date:        3/4/2008
Time:        4:10:05 PM
User:        DOMAIN\blin
Computer:    DEVICES1
Description:
Successful Network Logon:
     User Name:    BLin
     Domain:        DOMAIN
     Logon ID:        (0x0,0xB277183E)
     Logon Type:    3
     Logon Process:    IAS
     Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
     Workstation Name:    
     Logon GUID:    -
     Caller User Name:    DEVICES1$
     Caller Domain:    DOMAIN
     Caller Logon ID:    (0x0,0x3E7)
     Caller Process ID: 1188
     Transited Services: -
     Source Network Address:    -
     Source Port:    -

The configuration file can be found here: http://www.howtocisco.com/cisco/samples/iasexample.htm
ASKER CERTIFIED SOLUTION
Avatar of Member_2_3654191
Member_2_3654191
Flag of Germany image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of smith9069
smith9069

ASKER

Is the PAP safe? Should I force the ASA use MS-CHAP?