5 Replies Latest reply on Aug 25, 2010 11:40 AM by bleearg13

    RADIUS & TACACS+

    aLTeReGo
    aLTeReGo Employee May 4, 2010 12:27 PM

      Has anyone tested RADIUS or TACACS+ user experience monitors? I'm having trouble specifically with RADIUS and ACS not liking the username and password, though when I try using different utilities they work just fine. It's definitely a password issue since the account is being locked out after several unsuccessful tests. I'm running APM 3.5 RC2 against Cisco's ACS Server v4.2. 

      • 1811 Views
      • Tags:
        • Re: RADIUS & TACACS+
          jeff.stewart
          jeff.stewart Employee May 4, 2010 1:15 PM (in response to aLTeReGo)

          Have you tried a local account on ACS?

            • Re: RADIUS & TACACS+
              aLTeReGo
              aLTeReGo Employee May 5, 2010 1:54 PM (in response to jeff.stewart)

              The error message I'm receiving is 

              Testing  on node *****: failed with 'Undefined' status

              Radius authentication was failed, unable to communicate with remote RADIUS  server!
              Exception message is: Specified argument was out of the range of valid  values. Parameter name: newAddress
              Using NTRadPing from the Orion server I receive a radius accept message so I'm not sure exactly what the problem is. It looks to me as though APM is receiving an unexpected parameter in the RADIUS response message that it doesn't know how to handle. Thoughts?

                • Re: RADIUS & TACACS+
                  sean.martinez
                  sean.martinez May 7, 2010 1:58 PM (in response to aLTeReGo)

                  I was able to get my Radius Working. It was the Server 2k8 R2 Radius that you can configure, but I setup a Dummy account with simple characters to make sure it worked.

                   

                  I know my Error went from Undefined Status to another error similar to "bad key" or something. I will set it up again and write the Steps down this time, and the errors I see.

                    • Re: RADIUS & TACACS+
                      aLTeReGo
                      aLTeReGo Employee May 7, 2010 2:08 PM (in response to sean.martinez)

                      I'm sure it works but my Cisco ACS 4.2 server is sending back RADIUS attributes that in my opinion appear to cause the APM monitor to fail.  Given the diversity of client environments I would have thought the RADIUS user experience monitor would be designed to be a little less rigid. The RADIUS server sends back a RADIUS Access-Accept response but there are additional RADIUS attributes that are passed along as well that appear to be tripping up APM. I could be wrong though. Anyone from development want to chime in here?