(RADIATOR) Cisco AS5300 and Radiator Issue.

Martin Wallner Martin.Wallner at eunet.co.at
Thu Jun 1 09:17:58 CDT 2006


Uday,

That looks definitely like an error (and one I run into also) in the radius-key on the 5600 (aka not the same as the Radius server sends, so the response of the Radius 'failed to decrypt').

This can happen on some cisco IOS, especially when you cut and paste the already encrypted radius-secret from one cisco (with an older IOS) to another. Just enter the Radius-secret on the cisco correctly again in plain text, 

radius-server key same-key-as-in-radiusclient

it will encrypt automatically to 7 

radius-server key 7 some-encrypted-gibberish 

and then try again. 

You _MIGHT_ have to restart the 5600 (you should not, but that depends.... especially if you have radius-groups, but that's a 'feature' by CISCO....)

------ snippled from cisco site -----------
Key in router does not match that of server:
RADIUS: Received from id (21) 171.68.118.101:1645, Access-Reject, len 20
RADIUS: Reply for (21) fails decrypt
Remark: '21' is the ID of the Radius-Request.
-------------------------------------------

=mw=


> -----Original Message-----
> From: Uday K. MOORJANI [mailto:umoorjani at mediaserv.net] 
> Sent: Donnerstag, 01. Juni 2006 16:00
> To: Hugh Irvine
> Cc: radiator at open.com.au; Martin Wallner
> Subject: Re: (RADIATOR) Cisco AS5300 and Radiator Issue.
> 
> Hugh,
> 
> ça va très bien, tres heureux de vous connaitre ! :)
> 
> So... I debugged the authentication proccess and this is the 
> debug error, I saw "Reponse (26) failed decrypt". I changed 
> the authentication to CHAP instead of MS-CHAP and still 
> nothing, how do you think I can resolv this :
> 
> --snip--
> 1d19h: %ISDN-6-CONNECT: Interface Serial6:17 is now connected 
> to 590571015
> 1d19h: %LINK-3-UPDOWN: Interface Async212, changed state to up
> 1d19h: AAA/MEMORY: create_user (0x622BBA04) user='msvtest1' ruser='' 
> port='Async212' rem_addr='590571015/0860572624' 
> authen_type=CHAP service=PPP priv=1
> 1d19h: RADIUS: ustruct sharecount=1
> 1d19h: RADIUS: Initial Transmit Async212 id 26 
> 213.188.172.7:1645, Access-Request, len 112
> 1d19h:         Attribute 4 6 D5BCAF3E
> 1d19h:         Attribute 5 6 000000D4
> 1d19h:         Attribute 61 6 00000000
> 1d19h:         Attribute 1 10 6D737674
> 1d19h:         Attribute 30 12 30383630
> 1d19h:         Attribute 31 11 35393035
> 1d19h:         Attribute 3 19 01A20DC9
> 1d19h:         Attribute 6 6 00000002
> 1d19h:         Attribute 7 6 00000001
> 1d19h:         Attribute 44 10 30303030
> 1d19h: RADIUS: Received from id 26 213.188.172.7:1645, 
> Access-Accept, len 20
> 1d19h: RADIUS: Response (26) failed decrypt
> 1d19h: Async212 AAA/DISC: 17/"User Error"
> 1d19h: Async212 AAA/DISC/EXT: 1043/"CHAP Auth Failed"
> 1d19h: As212 AAA/DISC: 18/"Host Request"
> 1d19h: As212 AAA/DISC/EXT: 1046/"Upper Layer Req Close"
> 1d19h: As212 AAA/DISC: 1/"User Request"
> 1d19h: As212 AAA/DISC/EXT: 1045/"Received Terminate"
> 1d19h: AAA/MEMORY: free_user (0x622BBA04) user='msvtest1' ruser='' 
> port='Async212' rem_addr='590571015/0860572624' 
> authen_type=CHAP service=PPP priv=1
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> 1d19h: %ISDN-6-DISCONNECT: Interface Serial6:17  disconnected from
> 590571015 , call lasted 28 seconds
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> 1d19h: %LINK-5-CHANGED: Interface Async212, changed state to reset
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> 1d19h: %LINK-3-UPDOWN: Interface Async212, changed state to down
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> 1d19h: As212 AAA/DISC: 2/"Lost Carrier"
> 1d19h: As212 AAA/DISC/EXT: 1011/"Lost Carrier"
> --snip--
> 
> -- 
> 
> Cordialement,
> Sincerely Yours,
> 
> Uday K. MOORJANI
> Systems Technician
> -------------------
> MEDIASERV.NET SARL
> 6,Tour Cécid
> Place de la Rénovation
> 97110 POINTE A PITRE
> GUADELOUPE (F.W.I)
> -------------------
> 00(590)590571015
> umoorjani at mediaserv.net
> 
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list