• September 21, 2020, 11:57:58 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: RADIUS Authentication failure for ERS 8300 password length is morethan 16.  (Read 4009 times)

0 Members and 1 Guest are viewing this topic.

Offline Faizan

  • Rookie
  • **
  • Posts: 8
We have 2 ERS 8300 & 4 ERS 8600 in our network. I face authentication failure on ERS 8300 for profile with password length  more than 16, but same accepted in the case of ERS 8600.Configuration looks fine.

After analyzing packet capture during authentication process on both ERS 8300 & ERS 8600, I was able to notice that the user passwords were getting cut off at 16 characters.

I suppose that 16 characters is a limitation of the 8600 RADIUS implementation (at least at 5.1.1.1), But is it limitation for 8300?or a cosmetic error ?

Searched AVAYA support , but could not find anything related to it.

SOFTWARE VERSION :
ERS 8600 : 5.1.8.3
ERS 8300 : 4.2.8.11

RADIUS Vendor : Microsoft NPS

Thanks in Advance

Faizan


Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 311
    • matzeks
    • Controlware GmbH - Germany
Hi Faizan,

I found this on my "boxes":

# ERS-8310 (4.2.1.0)
ERS-8310:5 config radius server create 1.1.1.1 key ?
secret key
0 - 20

# ERS-8610 (5.1.3.1)
ERS-8610:5# config radius server create 1.1.1.1 ?
add radius server
Required parameters:
<ipaddr>         = ip address {a.b.c.d}
secret <value> = secret key {string length 0..32}
------------------------------------------------------
ACE-Fx #00050

Offline Faizan

  • Rookie
  • **
  • Posts: 8
Hi Matze,

Thank you for reply.

Are you saying that , It is issue with command or it is limit???

Radius Config on my boxes.

ERS 8300
radius server create 100.239.20.251 key ****** priority 1 source-ip 100.239.0.204
radius server create 100.239.20.252 key ****** priority 2 source-ip 100.239.0.204
radius authentication-enable true
radius sourceip-flag true


ERS 8600
radius server create 100.239.20.251 secret ****** priority 1 source-ip 100.239.0.201
radius server create 100.239.20.252 secret ****** priority 2 source-ip 100.239.0.201
radius enable true
radius sourceip-flag true

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 311
    • matzeks
    • Controlware GmbH - Germany
Hi Faizan, seems the possible key size is greater than your reported limit.

If it's possible to set a key value with greater than 16 and you are able to verify that there is an cut at 16, I'd suggest to create an Servicerequest with AVAYA Support.

Good luck
------------------------------------------------------
ACE-Fx #00050

Offline Faizan

  • Rookie
  • **
  • Posts: 8
Thanks Matze,


Yeah, raised this issue with AVAYA support.Will probably get this issue resolved.

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
FYI, ERS 8300 release v4.2.3.12 has the fix for this problem.

"Configuring a RADIUS user with RADIUS password of more than 16 characters would result in a login failure. This issue has now been fixed and a password upto 20 characters can be used for successful RADIUS login. However, when downgrading to any previous release, care should be taken to change the RADIUS passwords for all configured RADIUS users to 16 or less characters in length. [wi01157502]"

Link to the post with the readme.
https://forums.networkinfrastructure.info/nortel-ethernet-switching/new-ers-8300-software-v4-2-3-12/
« Last Edit: April 30, 2014, 09:17:43 PM by Telair »