Unsolved
January 15th, 2008 15:00
PC5324 HTTP RADIUS AUTH Failing
I have set up RADIUS authentication for telnet and it works as expected. I am passing back the RADIUS attribute Cisco-AV-Pair. I have noticed that when I try to use HTTP with RADIUS authentication it always fails, with:
AAA-W-REJECT: New http connection for user ********, source 10.150.0.53 destination 10.150.0.240 REJECTED
BUT ***** is the user's password, not the username, unlike when I put in a bad username, where I get:
AAA-W-REJECT: New http connection for user baduser, source 10.150.0.53 destination 10.150.0.240 REJECTED
A properly failing RADIUS authentication provides the username 'baduser' as expected in console logging, but when I log in with proper credentials I see the username as the password I tried to use. I saw this behavior when using telnet when I didn't pass back the Cisco-AV-Pair attribute. I'm wondering if it's expected behavior or not. More importantly...
How do I get HTTP/S RADIUS Authentication working?
Message Edited by ohhmyscreenname on 01-15-2008 12:22 PM


ohhmyscreenname
5 Posts
0
January 15th, 2008 16:00
console# sho version
SW version 2.0.0.39 ( date 25-Oct-2006 time 19:40:34 )
Boot version 1.0.2.02 ( date 23-Jul-2006 time 16:45:47 )
HW version 00.00.02
console# sh run
interface vlan 1
ip address 10.150.0.240 255.255.255.0
exit
ip default-gateway 10.150.0.25
radius-server host 10.151.25.1 auth-port 1812
radius-server key *********
ip http authentication radius
ip https authentication radius local
aaa authentication login radius_local radius local
line telnet
login authentication radius_local
exit
Message Edited by ohhmyscreenname on 01-15-2008 12:22 PM
ohhmyscreenname
5 Posts
0
January 15th, 2008 18:00
Zitibake
68 Posts
0
January 25th, 2008 01:00