Troubleshooting IAS as Radius server

Discussion:

(too old to reply)

Jim Helfer

2008-06-18 17:41:01 UTC

I have installed IAS on a Windows 2003 server and set it up as a
Radius server. I want to use it to use AD Authentification for my Cisco
ASA Vpn.

I setup the firewall IP as a client and register the server with AD,
no apparent problems, but I'm not sure if it's working properly. I've
set up logging, but I can't find any reference on what the log entries mean.

Here's the latest entry:

172.16.16.4,fife,06/17/2008,15:19:09,IAS,WTWMAIL2,25,311 1 172.16.16.7
06/12/2008 18:15:44
67,4127,1,4130,WTWARCH\fife,4129,WTWARCH\fife,4154,Use Windows
authentication for all
users,4155,1,4128,Cisco-ASA,4116,0,4108,172.16.16.4,4136,3,4142,16

Where 172.16.16.4 is the IP address of the firewall
WTWMAIL2 is the name of the server running IAS
WTARCH\FIFE is the username authenticatiing
and "Cisco-ASA" is what I named the Radius client.

But I don't no how to read this.

Any assistance apreciated,

Jim

S. Pidgorny <MVP>

2008-06-19 08:44:03 UTC

Permalink

Look in the System event log - you'll find much more readable events there
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

I have installed IAS on a Windows 2003 server and set it up as a Radius
server. I want to use it to use AD Authentification for my Cisco ASA Vpn.
I setup the firewall IP as a client and register the server with AD, no
apparent problems, but I'm not sure if it's working properly. I've set up
logging, but I can't find any reference on what the log entries mean.
172.16.16.4,fife,06/17/2008,15:19:09,IAS,WTWMAIL2,25,311 1 172.16.16.7
06/12/2008 18:15:44 67,4127,1,4130,WTWARCH\fife,4129,WTWARCH\fife,4154,Use
Windows authentication for all
users,4155,1,4128,Cisco-ASA,4116,0,4108,172.16.16.4,4136,3,4142,16
Where 172.16.16.4 is the IP address of the firewall
WTWMAIL2 is the name of the server running IAS
WTARCH\FIFE is the username authenticatiing
and "Cisco-ASA" is what I named the Radius client.
But I don't no how to read this.
Any assistance apreciated,
Jim

Jim Helfer

2008-06-19 14:23:09 UTC

Permalink

Post by S. Pidgorny <MVP>
Look in the System event log - you'll find much more readable events there

I'm using "Radius Test client" from IEA Software to try and test this.
When I try to authenticate to the server, I get nothing. It just
immediately returns a "timeout" result. Nothing in the log file, nothing
in the event logs.

It's like I'm missing some major part of the system, but I just don't
see what could possibly be wrong, there just aren't that many parts to
the software!

Very frustrating that I can't even get an error message out of this thing.

Jim Helfer

2008-06-19 14:43:30 UTC

Permalink

Ooops. Nevermind, the service was stopped.

Post by Jim Helfer

Post by S. Pidgorny <MVP>
Look in the System event log - you'll find much more readable events there

I'm using "Radius Test client" from IEA Software to try and test this.
When I try to authenticate to the server, I get nothing. It just
immediately returns a "timeout" result. Nothing in the log file, nothing
in the event logs.
It's like I'm missing some major part of the system, but I just don't
see what could possibly be wrong, there just aren't that many parts to
the software!
Very frustrating that I can't even get an error message out of this thing.

James McIllece [MS]

2008-06-19 20:15:25 UTC

Permalink

Post by Jim Helfer
I have installed IAS on a Windows 2003 server and set it up as a
Radius server. I want to use it to use AD Authentification for my
Cisco ASA Vpn.
I setup the firewall IP as a client and register the server with AD,
no apparent problems, but I'm not sure if it's working properly. I've
set up logging, but I can't find any reference on what the log entries mean.
172.16.16.4,fife,06/17/2008,15:19:09,IAS,WTWMAIL2,25,311 1 172.16.16.7
06/12/2008 18:15:44
67,4127,1,4130,WTWARCH\fife,4129,WTWARCH\fife,4154,Use Windows
authentication for all
users,4155,1,4128,Cisco-ASA,4116,0,4108,172.16.16.4,4136,3,4142,16
Where 172.16.16.4 is the IP address of the firewall
WTWMAIL2 is the name of the server running IAS
WTARCH\FIFE is the username authenticatiing
and "Cisco-ASA" is what I named the Radius client.
But I don't no how to read this.
Any assistance apreciated,
Jim

Hi Jim --

Regarding your comment, "I can't find any reference on what the log entries
mean."

Did you refer to the product Help on the computer? There are topics in the
IAS Help that tell you how to interpret log files.

They are also on the Web at:

Interpreting database-import log files
http://technet2.microsoft.com/WindowsServer/en/library/b583bb8c-f90d-4c52-
a748-7bd5c41df5641033.mspx

Interpreting IAS-formatted log files
http://technet2.microsoft.com/windowsserver/en/library/f6322ae0-fb0a-4379-
ad54-80bc62f783101033.mspx

Interpreting IAS IDs for vendor-specific attributes
http://technet2.microsoft.com/windowsserver/en/library/e6d623f5-7398-4262-
9e2a-414813ab5a7a1033.mspx

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.