IAS proxy for RSA Securid
| Timo V 2005-09-21, 7:49 am |
| Hi!
I'm using Windows 2003 IAS as a proxy against RSA SecurID to authenticate
the admins that log in through telnet to our Cisco switches. It works fine for
the first login, but when I try to go to enable mode I get an error from IAS.
RSA SecurID accepts the username and passcode for $enab15$, but IAS writes
this in the logs: "Reason = The remote RADIUS (Remote Authentication Dial-In
User Service) server returned an unreadable response."
I believe that the problem is that the Cisco switch sends a username
$enab15$ that contains special characters. It seems that IAS won't
accept special characters in the username. Is there some way to get around
this?
| |
| Manjunath Bharadwaj [MSFT] 2005-09-21, 5:53 pm |
| Timo,
I suspect that there is something else missing. Can you post the entire
event log? And can you enable tracing "netsh ras set tr * en" and copy the
relevant logs?
Thanks, Manju
+++++++++++++++++++++++++++++++++++++++++++++++
This posting is provided "AS IS" with no warranties, and confers no rights
"Timo V" <Timo V@discussions.microsoft.com> wrote in message
news:63C8C4B6-03A1-43FF-A0AC-E2B43B5E9575@microsoft.com...
> Hi!
> I'm using Windows 2003 IAS as a proxy against RSA SecurID to authenticate
> the admins that log in through telnet to our Cisco switches. It works fine
> for the first login, but when I try to go to enable mode I get an error
> from IAS.
> RSA SecurID accepts the username and passcode for $enab15$, but IAS writes
> this in the logs: "Reason = The remote RADIUS (Remote Authentication
> Dial-In User Service) server returned an unreadable response."
> I believe that the problem is that the Cisco switch sends a username
> $enab15$ that contains special characters. It seems that IAS won't
> accept special characters in the username. Is there some way to get
> around this?
>
| |
| Timo V 2005-09-22, 7:50 am |
| Hi! I did enable tracing, but the trace logs did not catch any of the RADIUS
traffic. When I try to authenticate the enable user, the MS IAS correctly
proxies the request to my RSA server and the RSA server log says "passcode
accepted". When I look at the logs in my IAS event viewer I get this:
Access request for user $enab15$ was discarded.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 10.1.1.10
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 192.168.0.1
Client-Friendly-Name = Switch 110
Client-IP-Address = 10.1.1.10
NAS-Port-Type = Virtual
NAS-Port = 1
Proxy-Policy-Name = RSA Securid authentication
Authentication-Provider = RADIUS Proxy
Authentication-Server = 10.1.1.20
Reason-Code = 118
Reason = The remote RADIUS (Remote Authentication Dial-In User Service)
server returned an unreadable response.
If I use any other account it works fine; it is only the enable user that
won't work, and that's the only account with special characters ($enab15$) in
the username.
Regards
Timo
"Manjunath Bharadwaj [MSFT]" wrote:
> Timo,
>
> I suspect that there is something else missing. Can you post the entire
> event log? And can you enable tracing "netsh ras set tr * en" and copy the
> relevant logs?
>
> Thanks, Manju
> +++++++++++++++++++++++++++++++++++++++++++++++
> This posting is provided "AS IS" with no warranties, and confers no rights
>
>
> "Timo V" <Timo V@discussions.microsoft.com> wrote in message
> news:63C8C4B6-03A1-43FF-A0AC-E2B43B5E9575@microsoft.com...
>
>
>
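
Added example, not part of the thread and not written by either poster: a small Python parser for the IAS event text shown above, which joins the wrapped Reason line and groups discarded proxied requests by remote server and reason code so the "only user names with special characters fail" observation can be checked across many events. The function names and the definition of a "plain" user name are assumptions made for this illustration; the sample is abridged from the event posted in the thread.

```python
import re
from collections import defaultdict

# Abridged from the event text posted in the thread; the Reason value wraps.
SAMPLE_EVENT = """\
Access request for user $enab15$ was discarded.
Fully-Qualified-User-Name = <undetermined>
Client-Friendly-Name = Switch 110
Authentication-Provider = RADIUS Proxy
Authentication-Server = 10.1.1.20
Reason-Code = 118
Reason = The remote RADIUS (Remote Authentication Dial-In User Service)
server returned an unreadable response.
"""

HEADER = re.compile(r"^Access request for user (?P<user>.+?) was (?P<outcome>\w+)\.$")
FIELD = re.compile(r"^(?P<key>[A-Za-z][A-Za-z-]*) = (?P<value>.*)$")
# Assumption for this example: a "plain" name uses only these characters.
PLAIN_NAME = re.compile(r"^[A-Za-z0-9._@\\-]+$")

def parse_ias_event(text):
    """Parse one IAS event description into a dict, joining wrapped values."""
    event, last_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header, field = HEADER.match(line), FIELD.match(line)
        if header and not event:
            event.update(User=header["user"], Outcome=header["outcome"])
        elif field:
            last_key = field["key"]
            event[last_key] = field["value"]
        elif last_key and line:  # continuation of a wrapped value
            event[last_key] += " " + line
    event["HasSpecialChars"] = not PLAIN_NAME.match(event.get("User", ""))
    return event

def proxy_discards_by_server(events):
    """Group discarded proxied requests by (remote server, reason code)."""
    groups = defaultdict(list)
    for e in events:
        if e.get("Outcome") == "discarded" and e.get("Authentication-Provider") == "RADIUS Proxy":
            groups[(e.get("Authentication-Server"), e.get("Reason-Code"))].append(e["User"])
    return dict(groups)
```

Feeding every exported event through `parse_ias_event` and comparing `HasSpecialChars` within each `proxy_discards_by_server` group shows whether reason code 118 follows the user name or the remote server.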