Hi,

I'm trying to configure BM 3.8 SP3ir3, Radius (NMAS 2.3) to
authenticate a Cisco 2600 against my BM. Under BM 3.7 this
setup is working fine, but now with 3.8 I get the following
error:

Access rejected, Miscellaneous error (-1642)

I've configured the LPO with the following sequences:
NDS acceptable, simple acceptable

A test with NTRADPING:
with CHAP disabled, it works fine (LPO sequence is NDS)
with CHAP enabled, I've got the error above

I tried the simple login sequence also (like a posting
in this newsgroup), but no change.

Hope you can help me, I need chap-authentication...

From Radius-Debug:

This one works (without CHAP):
[2005-07-28 05:52:43 PM] (->)Cacher:
NWDSReadObjectInfo(das01.radius.bmanager.informatik.kli_pa),
succeeded, time:7
[2005-07-28 05:52:43 PM] 31) [(ip) 172.24.4.2:2642], Received 46 Bytes
(Access-Request (1))
[2005-07-28 05:52:43 PM] [(total=31) (p=30) (d=0) (r=0) (acc=0)
(rej=0)]
[2005-07-28 05:52:43 PM] <2> Done GetNextMessage [(ip)
172.24.4.2:2642]: time:2611012
[2005-07-28 05:52:43 PM] -------- START : (Access-Request (1)) [(ip)
172.24.4.2:2642]: time:640356694---
[2005-07-28 05:52:43 PM] CACHE:
CacheDomainListExist(das01.radius.bmanager.informatik.kli_pa), using cache
[2005-07-28 05:52:43 PM] AuthRequestHandler(), Calling
NewRequestHandler.
[2005-07-28 05:52:43 PM] CACHE:
CacheGetEnableCNLogin(das01.radius.bmanager.informatik.kli_pa), using
cache
[2005-07-28 05:52:43 PM]
(->)CacheGetDNForName:NWDSReadObjectInfo(NAS2-1), succeeded, time:72
[2005-07-28 05:52:43 PM] CacheFindContext - GetParentDN(userDN)
(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
[2005-07-28 05:52:43 PM] CacheFindContext - tmpContext
(RADIUS.BMANAGER.INFORMATIK.KLI_PA),
contextName(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
[2005-07-28 05:52:43 PM] Handling local authentication request.
[2005-07-28 05:52:43 PM] CACHE:
CacheReadSecretForNASAddress(das01.radius.bmanager.informatik.kli_pa),
using cache
[2005-07-28 05:52:43 PM]
(->)NDSVerifyAttr:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Dial
Access Group) succeeded, time:47
[2005-07-28 05:52:43 PM]
(->)NWDSCompare:(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA) succeeded,
time:42
[2005-07-28 05:52:43 PM]
(->)NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS Enable
Attr) succeeded, time:45
[2005-07-28 05:52:43 PM] User Name: NAS2-1, User DN:
NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Domain: , Service Tag:
[2005-07-28 05:52:43 PM] (->)NADMAuthRequest()
[2005-07-28 05:52:43 PM]
(->)NADMAuthRequest(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA)
succeeded, time:961
[2005-07-28 05:52:43 PM] (->)Authenticate (0 policy, NDS pswd) (for
NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA), succeeded
[2005-07-28 05:52:43 PM]
(->)NDSReadData:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Concurrent
Limit) failed, no such attribute (-603), time:50
[2005-07-28 05:52:43 PM] CACHE:
CacheGetConcurrentLimit(das01.radius.bmanager.informatik.kli_pa),
using cache
[2005-07-28 05:52:43 PM]
User:NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Current Login:0, Login
Limit:-1, succeeded
[2005-07-28 05:52:43 PM] (->)Authentication SUCCEEDED
[2005-07-28 05:52:43 PM] Tag "DIALIN" uses profile
"DIALIN.RADIUS.BMANAGER.INFORMATIK.KLI_PA"
[2005-07-28 05:52:43 PM] FDN:
CN=NAS2-1.OU=RADIUS.OU=BMANAGER.OU=INFORMATIK.O=KLI_PA
[2005-07-28 05:52:43 PM] PutAttributesInBuffer, calling FilterAttribute
[2005-07-28 05:52:43 PM] Filter attribute, vendorID: 0, attribute: 6
[2005-07-28 05:52:43 PM] PutAttributesInBuffer, calling FilterAttribute
[2005-07-28 05:52:43 PM] Filter attribute, vendorID: 0, attribute: 7
[2005-07-28 05:52:43 PM] ->Sending Access-Accept (2) [(ip)
172.24.4.2(2642)] count=32
[2005-07-28 05:52:43 PM] ->Inserting into RespQ , code(2) id(7).
[2005-07-28 05:52:43 PM] -------- END : (Access-Request (1)) [(ip)
172.24.4.2:2642]: time:640358122---



-----

This one doesn't work (CHAP enabled):

[2005-07-28 05:52:55 PM] 32) [(ip) 172.24.4.2:2647], Received 47 Bytes
(Access-Request (1))
[2005-07-28 05:52:55 PM] [(total=32) (p=31) (d=0) (r=0) (acc=0)
(rej=0)]
[2005-07-28 05:52:55 PM] <4> Done GetNextMessage [(ip)
172.24.4.2:2647]: time:2426593
[2005-07-28 05:52:55 PM] -------- START : (Access-Request (1)) [(ip)
172.24.4.2:2647]: time:640481075---
[2005-07-28 05:52:55 PM] CACHE:
CacheDomainListExist(das01.radius.bmanager.informatik.kli_pa), using cache
[2005-07-28 05:52:55 PM] AuthRequestHandler(), Calling
NewRequestHandler.
[2005-07-28 05:52:55 PM] CACHE:
CacheGetEnableCNLogin(das01.radius.bmanager.informatik.kli_pa), using
cache
[2005-07-28 05:52:55 PM]
(->)CacheGetDNForName:NWDSReadObjectInfo(NAS2-1), succeeded, time:72
[2005-07-28 05:52:55 PM] CacheFindContext - GetParentDN(userDN)
(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
[2005-07-28 05:52:55 PM] CacheFindContext - tmpContext
(RADIUS.BMANAGER.INFORMATIK.KLI_PA),
contextName(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
[2005-07-28 05:52:55 PM] Handling local authentication request.
[2005-07-28 05:52:55 PM] HandleCHAPRequest(NAS2-1)
[2005-07-28 05:52:55 PM] CACHE:
CacheReadSecretForNASAddress(das01.radius.bmanager.informatik.kli_pa),
using cache
[2005-07-28 05:52:55 PM] CHAP chapCSize: 16
[2005-07-28 05:52:55 PM] [CHAP]User Name: NAS2-1, User DN:
NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Domain: , Service Tag:
[2005-07-28 05:52:55 PM]
(->)NDSVerifyAttr:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Dial
Access Group) succeeded, time:53
[2005-07-28 05:52:55 PM]
(->)NWDSCompare:(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA) succeeded,
time:42
[2005-07-28 05:52:55 PM]
(->)NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS Enable
Attr) succeeded, time:44
[2005-07-28 05:52:55 PM] (->)NADMAuthRequest()
[2005-07-28 05:52:59 PM] ->Sending Access-Reject (3) [(ip)
172.24.4.2(2647)] count=20
[2005-07-28 05:52:59 PM] ->Inserting into RespQ , code(3) id(8).
[2005-07-28 05:52:59 PM] -------- END : (Access-Request (1)) [(ip)
172.24.4.2:2647]: time:640512029---



I can't see an error with CHAP enabled..


Regards
Guenther