Authentication using Microsoft 2008 Active directory for Cisco RADIUS login

Michael_Ruiz · January 18, 2011, 9:15pm

Hello all,

I am having some trouble getting my Cisco routers to use
Active directory to authenticate users. I have searched on Google and so
far I am coming up dry on good documentation that will work.

I have used these links.
http://briandesmond.com/blog/how-to-authenticate-against-active-director
y-from-cisco-ios/

http://filedb.experts-exchange.com/incoming/2008/12_w51/87700/TA0001-Win
dows-2008-RADIUS-for-C.pdf

When I am doing a debug against the AAA I am getting the "Response (32)
failed decrypt" error. Any thoughts? Thank you in advance.

M.A.R

Welch_Bryan · January 18, 2011, 9:23pm

Can you post your config on the router?

Also, this may be better to post over at cisco-nsp.

B

ML11 · January 19, 2011, 12:30am

I know $myemployer Uses Cisco ACS to hit AD for logins. Maybe use tac+ to then query AD.

Gary_Steers1 · January 19, 2011, 12:38am

I've set it up on 2003 before, found this article...
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3/

<http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3/>it
may be of use.

Essentially on 2k3 it was a case of IAS and setting up the Cisco to use
auth-port 1645

Looking at this you use NPS and change the port