Hi!
I´m using windows 2003 IAS as a proxy against RSA Securid to authenticate
the admins that login trough telnet to our cisco switches. It works fine for
the first login but when i try to go to enable mode i get an error from ias.
RSA Securid accepts the username and passcode for $enab15$ but ias writes
this in the logs: "Reason = The remote RADIUS (Remote Authentication Dial-In
User Service) server returned an unreadable response."
I believe that the problem is that the cisco switch sends an username
$enab15$ that contains special characters. It seems like that ias won´t
accept special characters in the username. Is there some way to get arround
this?

[ Post a follow-up to this message ]

Timo,

I suspect that there is something else missing. Can you post the entire
event log? And can you enable tracing "netsh ras set tr * en" and copy the
relevant logs?

Thanks, Manju
 ++++++++++++++++++++++++++++++++++++++++
+++++++
This posting is provided "AS IS" with no warranties, and confers no rights


"Timo V" <Timo V@discussions.microsoft.com> wrote in message
news:63C8C4B6-03A1-43FF-A0AC-E2B43B5E9575@microsoft.com...
> Hi!
> I´m using windows 2003 IAS as a proxy against RSA Securid to authenticate
> the admins that login trough telnet to our cisco switches. It works fine
> for
> the first login but when i try to go to enable mode i get an error from
> ias.
> RSA Securid accepts the username and passcode for $enab15$ but ias writes
> this in the logs: "Reason = The remote RADIUS (Remote Authentication
> Dial-In
> User Service) server returned an unreadable response."
> I believe that the problem is that the cisco switch sends an username
> $enab15$ that contains special characters. It seems like that ias won´t
> accept special characters in the username. Is there some way to get
> arround
> this?
>

[ Post a follow-up to this message ]

Hi! I did enable tracing but the tracelogs did not catch any of the radius
trafic. When i try to authenticate the enable user the MS ias correctly
proxies the request to my rsa server and the rsa server logs says "passcode
accepted" when i look at the logs in my ias event viewer i get this:

Access request for user $enab15$ was discarded.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 10.1.1.10
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 192.168.0.1
Client-Friendly-Name = Switch 110
Client-IP-Address = 10.1.1.10
NAS-Port-Type = Virtual
NAS-Port = 1
Proxy-Policy-Name = RSA Securid authentication
Authentication-Provider = RADIUS Proxy
Authentication-Server = 10.1.1.20
Reason-Code = 118
Reason = The remote RADIUS (Remote Authentication Dial-In User Service)
server returned an unreadable response.

If i user any other account it works fine, it is only the enable user that
won´t work and thats the only account with special characters ($enab15$) in
the username.

Regards
Timo

"Manjunath Bharadwaj [MSFT]" wrote:

> Timo,
>
>   I suspect that there is something else missing. Can you post the entire
> event log? And can you enable tracing "netsh ras set tr * en" and copy the
> relevant logs?
>
>   Thanks, Manju
>  ++++++++++++++++++++++++++++++++++++++++
+++++++
> This posting is provided "AS IS" with no warranties, and confers no rights
>
>
> "Timo V" <Timo V@discussions.microsoft.com> wrote in message
> news:63C8C4B6-03A1-43FF-A0AC-E2B43B5E9575@microsoft.com... 
>
>
>

[ Post a follow-up to this message ]