Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

W2K3 Radius server with PIX

Status
Not open for further replies.
NLCMH

NLCMH

MIS
Feb 5, 2007
28
US
Hello all, I hope someone can help me.
I have a PIX 515E, I am using a Windows 2003 Server with IAS installed for RADIUS.
At the PIX when I do a "test authentication radius host x.x.x.x" I get a "Authentication rejected" Invalid password.
When I look at the event log of the RADIUS server I have the following:

User cisco was denied access.
Fully-Qualified-User-Name = cisco.com/Cisco
NAS-IP-Address = 192.168.181.200
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = PIX
Client-IP-Address = 192.168.181.200
NAS-Port-Type = Virtual
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = VPN Authentication
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 65
Reason = The connection attempt failed because remote access permission for the user account was denied. To allow remote access, enable remote access permission for the user account, or, if the user account specifies that access is controlled through the matching remote access policy, enable remote access permission for that remote access policy.

The domain is a MIXED W2K domain.
So, I am at a loss as to what to do.
With the mixed mode, there is no "dial in" tab.
The policy at the RADIUS server is wide open.

Can anyone help?
Thanks
 
Sort by date Sort by votes
I encountered and solved the same "reason-code = 65" problem. The fix was to go the user in Active Directory, click on the "Dial-in" tab, and select "Allow Access" for Remote Access Permission.

The option that we probably want is "Control access through Remote Access Policy", but this is disabled for me at present. Presumably I first need to create a policy ... which I'm working on now.

But I can authenticate using XAuth-RADIUS and my AD username/password!

Good luck.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
234
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
290
Aquiles Vidal
Aquiles Vidal
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
517
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
303
DrB0b
DrB0b
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
345
suncit
suncit

Part and Inventory Search

Sponsor

Back
Top