Discussion:
IAS authentication for Mac OS X
bimmerite
2009-12-09 01:21:01 UTC
I have set up a Cisco router to handle PPTP traffic and authenticate using
IAS via RADIUS on Server 2003 SP2. I've gotten my XP clients to work fine
but when I use the Mac OS 10.5 built-in client it will only work if I disable
encryption. I've been able to authenticate locally to the Cisco router using
encryption. The problem appears when I throw RADIUS authentication into the
mix.

When I set encryption I receive an error on the Mac stating that CCP is not
supported, MPPE disabled and the tunnel shuts down. Debug on the Cisco
router shows the error "unsupported attr: [174] 13" which is the RADIUS
attribute for Frame-Compression. I've tried setting the frame compression
attribute to both "None" and to "Stac/LZS". When I do this, I get a new
error "unsupported attr: interface [174] 14" which corresponds to
"Login-IP-Host". The explanation for this attribute is "specifies the IP
address of the host to which the user should connect."

I'm thinking part of the problem is the Cisco and part is my configuration
in IAS. When I checked the event viewer and the IAS log it doesn't show any
errors. It shows that authentication passed. TAC is saying the problem is
the configuration on the IAS server. I'm not sure how true this is but any
help would be appreciated. Are there any specific attributes or
configurations that I need to set on the IAS server to solve this problem?

My current configuration on the IAS server:

Radius Clients > I have the Cisco router set up. Protocol is "RADIUS".
Client-Vendor set to "Cisco" and a shared secret password is set up.

Remote Access Policies > Named "Authenticate all VPN connections".
Windows-Groups matches "*\VPN Users" and set to "Grant access".
Authentication set to MS-CHAP v2. Encryption set for 40, 56 & 128 bit for
MPPE. Under Advanced, I currently only have 1 attribute set: Service-Type
set to "Login". In the past I've had other attributes like Frame-Compression
& Framed-Protocol set but this didn't help. Framed-Protocol was set to "PPP"
and Framed-Compression I talked about above.

Thank you for any help!
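
The numbers in the router debug lines above (13, 14) are RADIUS attribute types, so a captured reply from IAS can be decoded offline to see which attributes it actually carries. This is an added example, not part of the original thread: attribute numbers are from RFC 2865 and the Microsoft sub-types from RFC 2548, the names `tlvs`, `decode_reply`, `attr` and `SAMPLE` are made up here, and the sample packet is constructed rather than captured.

```python
import struct
# Attribute numbers: RFC 2865. Microsoft (vendor 311) sub-types: RFC 2548.
ATTRS = {6: "Service-Type", 7: "Framed-Protocol",
         13: "Framed-Compression", 14: "Login-IP-Host"}
ENUMS = {6: {1: "Login", 2: "Framed"}, 7: {1: "PPP"},
         13: {0: "None", 1: "VJ-TCP-IP", 2: "IPX-Header", 3: "Stac-LZS"}}
MS_ATTRS = {7: "MS-MPPE-Encryption-Policy", 8: "MS-MPPE-Encryption-Types"}

def tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        typ, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"bad length {length} on attribute {typ}")
        yield typ, buf[pos + 2:pos + length]
        pos += length

def decode_reply(packet):
    """Return (code, [(name, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with packet size")
    out = []
    for typ, val in tlvs(packet[20:length]):
        if typ == 26 and len(val) >= 4:          # Vendor-Specific
            vendor = int.from_bytes(val[:4], "big")
            for sub, sval in tlvs(val[4:]):
                name = MS_ATTRS.get(sub) if vendor == 311 else None
                out.append((name or f"VSA {vendor}/{sub}", int.from_bytes(sval, "big")))
        elif typ in ENUMS and len(val) == 4:     # enumerated integer
            num = int.from_bytes(val, "big")
            out.append((ATTRS[typ], ENUMS[typ].get(num, num)))
        elif typ == 14 and len(val) == 4:        # IPv4 address
            out.append((ATTRS[typ], ".".join(map(str, val))))
        else:                                    # anything else: raw hex
            out.append((ATTRS.get(typ, f"attr {typ}"), val.hex()))
    return code, out

def attr(typ, val):
    return bytes([typ, len(val) + 2]) + val

# Constructed Access-Accept (code 2) with a zeroed authenticator; not a capture.
_u32 = lambda n: struct.pack("!I", n)
_body = (attr(6, _u32(1)) + attr(13, _u32(0)) + attr(14, bytes([192, 0, 2, 10]))
         + attr(26, _u32(311) + attr(7, _u32(2)) + attr(8, _u32(6))))
SAMPLE = struct.pack("!BBH", 2, 1, 20 + len(_body)) + bytes(16) + _body
```

Calling `decode_reply(SAMPLE)` returns the packet code and the decoded attribute list; in MS-MPPE-Encryption-Types, bit 0x02 allows 40-bit and bit 0x04 allows 128-bit keys.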
menotower
2011-08-24 10:53:25 UTC
MPPE is broken on 10.5.
https://discussions.apple.com/thread/1224077?start=0&tstart=0


On Wed, 09 Dec 2009 12:21:01 +1100, bimmerite
Post by bimmerite
I have setup a Cisco router to handle PPTP traffic and authenticate using
IAS via radius on Server 2003 SP2. I've gotten my XP clients to work fine
but when I use the Mac OS 10.5 built in client it will only work if I disable
encryption. I've been able to authenticate locally to the Cisco router using
encryption. The problem appears when I throw radius authentication into the
mix.
When I set encryption I receive an error on the Mac stating that CCP is not
supported, MPPE disabled and the tunnel shuts down. Debug on the Cisco
router shows the error "unsupported attr: [174] 13" which is the radius
attribute for Frame-Compression. I've tried setting the frame compression
attribute to both "None" and to "Stac/LZS". When I do this, I get a new
error "unsupported attr: interface [174] 14" which corresponds to
Login-IP-Host". The explanation for this attribute is "specifies the IP
address of the host to which the user should connect."
I'm thinking part of the problem is the Cisco and part is my configuration
in IAS. When I checked the event viewer and the IAS log it doesn't show any
errors. It shows that authentication passed. TAC is saying the problem is
the configuration on the IAS server. I'm not sure how true this is but any
help would be appreciated. Is there any specific attributes or
configurations that I need to do on the IAS server to solve this problem?
Radius Clients > I have the Cisco router setup. Protocol is "RADIUS".
Client-Vendor set to "Cisco" and a shared secret password is setup.
Remote Access Policies > Named "Authenticate all VPN connections".
Windows-Groups matches "*\VPN Users" and set to "Grant access".
Authentication set to MS-CHAP v2. Encryption set for 40, 56 & 128 bit for
Service-Type set to "Login". In the past I've had other attributes like Frame-Compression
& Framed-Protocol set but this didn't help. Framed-Protocol was set to "PPP"
and Framed-Compression I talked about above.
Thank you for any help!
--
Using Opera's revolutionary email client: http://www.opera.com/mail/