Why can't I log into PacketWise with RADIUS authentication?

book

Article ID: 167501

calendar_today

Updated On:

Products

PacketShaper

Issue/Introduction

My RADIUS server is configured to use Windows domain users and I have configured it with the Packeteer-specific information.

I also configured PacketWise to work with my RADIUS authentication server.

But I can't log into PacketWise with RADIUS authentication.

Resolution

Prior to PacketWise 5.3.0, the software used CHAP authentication for security. CHAP prevents clear-text passwords from being transmitted over a connection, but requires access to the clear-text password on both the user and authentication side.

PacketWise browser access cannot be used with RADIUS server configurations that do not have access to clear text passwords, such as Unix /etc/passwd and some Windows password servers. Thus, in PacketWise 5.2.x, you must define users and passwords locally.

Starting in PacketWise 5.3.0, you can specify the RADIUS authentication method: PAP or CHAP.

With PAP, both the username and password are transmitted in clear text — that is, in an unencrypted form. PAP support is provided for those environments that use a password database external to the RADIUS server.

For instructions on selecting the authentication method, see Configure RADIUS Authentication Service in PacketGuide.