Auth Failed with http access

Discussion in 'Cisco' started by David Dawson, Apr 8, 2004.

  1. David Dawson

    David Dawson Guest

    Hi,

    Am having trouble with my newly configured Aironet 1100. Just got it
    out of the package and was configuring it via browser. I modified the
    admin account from the default. It works fine (clients able to use)
    but I haven't been able to log on to the darn thing via browser since
    I changed the admin account.

    Since then, I've tried to open a browser to log on. It asks me for my
    password, asks again, then asks again then finally says "Authorization
    Required
    Browser not authentication-capable or authentication failed."

    But I *can* log on with the same id/password to the CLI. I *can*
    create a new privileged account and log on to the CLI with that. I
    have created another privileged account with only lower case
    credentials. None of these accounts can log on via the browser.

    What can I do to restore browser-based access?

    Many thanks in advance.

    David Dawson
     
    David Dawson, Apr 8, 2004
    #1

  2. On 8 Apr 2004 12:51:47 -0700, (David Dawson) wrote:

    ~ Hi,
    ~
    ~ Am having trouble with my newly configured Aironet 1100. Just got it
    ~ out of the package and was configuring it via browser. I modified the
    ~ admin account from the default. It works fine (clients able to use)
    ~ but I haven't been able to log on to the darn thing via browser since
    ~ I changed the admin account.
    ~
    ~ Since then, I've tried to open a browser to log on. It asks me for my
    ~ password, asks again, then asks again then finally says "Authorization
    ~ Required
    ~ Browser not authentication-capable or authentication failed."
    ~
    ~ But I *can* log on with the same id/password to the CLI. I *can*
    ~ create a new privileged account and log on to the CLI with that. I
    ~ have created another privileged account with only lower case
    ~ credentials. None of these accounts can log on via the browser.
    ~
    ~ What can I do to restore browser-based access?
    ~
    ~ Many thanks in advance.
    ~
    ~ David Dawson
    ~

    telnet into the AP, get "show tech". Cut out
    the current running-config, i.e. the part between
    "show running-config" and "show stacks". Edit
    out any sensitive security info if you like.
    Then let's see what you've got.

    Basically, you will want to have "ip http authentication local"
    (which is the default) or else (assuming that you have
    "aaa new-model") use "ip http authentication aaa", then have
    your default AAA authentication method be local.

    Aaron
     
    Aaron Leonard, Apr 9, 2004
    #2

  3. David Dawson

    David Dawson Guest

    Aaron,

    Thanks very much for the assistance. I've set "ip http authentication
    local" as you suggested and have posted the running-config here
    (stopped after the interface info):

    David
    ------------

    CiscoWAP#show tech

    ------------------ show version ------------------

    Cisco Internetwork Operating System Software
    IOS (tm) C1100 Software (C1100-K9W7-M), Version 12.2(13)JA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2003 by cisco Systems, Inc.
    Compiled Fri 14-Nov-03 15:08 by kellmill
    Image text-base: 0x00003000, data-base: 0x0053CC88

    ROM: Bootstrap program is C1100 boot loader
    BOOTLDR: C1100 Boot Loader (C1100-BOOT-M) Version 12.2(8)JA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

    CiscoWAP uptime is 6 days, 23 hours, 7 minutes
    System returned to ROM by power-on
    System image file is "flash:/c1100-k9w7-mx.122-13.JA1/c1100-k9w7-mx.122-13.JA1"


    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be
    found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email
    to
    .

    cisco AIR-AP1120B-A-K9 (PowerPCElvis) processor (revision B0) with 14326K/2048K bytes of memory.
    Processor board ID FOC07431M0H
    PowerPCElvis CPU at 197Mhz, revision number 0x0950
    Last reset from power-on
    Bridging software.
    1 FastEthernet/IEEE 802.3 interface(s)
    1 802.11 Radio(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:0E:38:64:74:00
    Part Number : 73-7886-06
    PCA Assembly Number : 800-21481-06
    PCA Revision Number : B0
    PCB Serial Number : FOC07431M0H
    Top Assembly Part Number : 800-22053-04
    Top Assembly Serial Number : FHK0802V0EK
    Top Revision Number : A0
    Product/Model Number : AIR-AP1120B-A-K9

    Configuration register is 0xF


    ------------------ show running-config ------------------


    Building configuration...

    Current configuration : 2583 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CiscoWAP
    !
    enable secret 5 <removed>
    !
    username 00904b67631a password 7 <removed>
    username 00904b67631a autocommand exit
    username 00904b6774bc password 7 <removed>
    username 00904b6774bc autocommand exit
    username 00904b677f5b password 7 <removed>
    username 00904b677f5b autocommand exit
    username 00904b67652a password 7 <removed>
    username 00904b67652a autocommand exit
    username 00904b48c914 password 7 <removed>
    username 00904b48c914 autocommand exit
    username 00904b72b570 password 7 <removed>
    username 00904b72b570 autocommand exit
    username Administrator privilege 15 password 7 <removed>
    username admin privilege 15 password 7 <removed>
    ip subnet-zero
    !
    aaa new-model
    !
    !
    aaa group server radius rad_eap
    !
    aaa group server radius rad_mac
    !
    aaa group server radius rad_acct
    !
    aaa group server radius rad_admin
    !
    aaa group server tacacs+ tac_admin
    !
    aaa group server radius rad_pmip
    !
    aaa group server radius dummy
    !
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa authorization ipmobile default group rad_pmip
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 network-map
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption key 1 size 128bit 7 EA45351E434A50330C70697A1323
    transmit-key
    encryption mode wep mandatory
    !
    ssid Educate2
    authentication open
    guest-mode
    infrastructure-ssid
    !
    speed basic-1.0 2.0 5.5 11.0
    rts threshold 2312
    station-role root
    no dot11 extension aironet
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
    ip address 192.168.0.150 255.255.255.0
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 192.168.0.130 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 192.168.0.1
    ip http server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
    ip http authentication local
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server authorization permit missing Service-Type
    radius-server vsa send accounting
    bridge 1 route ip
    !
    !
    line con 0
    line vty 5 15
    !
    end


    ------------------ show stacks ------------------


    Minimum process stacks:
    Free/Size Name
    5084/6000 soap_flash init
    8792/12000 Init
    3156/6000 vidb clone Process
    5432/6000 RADIUS INITCONFIG
    6776/12000 HTTP Server
    8920/12000 Virtual Exec
    9184/12000 Soap Upgrade fetch Config File

    Interrupt level stacks:
    Level Called Unused/Size Name
    4 2499155 8224/9000 dot11 radio interrupt
    6 60345 8956/9000 NS16550 VECTOR

    ------------------ show interfaces ------------------


    BVI1 is up, line protocol is up
    Hardware is BVI, address is 000e.3864.7400 (bia 0040.96a0.f24f)
    Internet address is 192.168.0.130/24
    MTU 1500 bytes, BW 11000 Kbit, DLY 5000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input never, output never, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/0 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 2000 bits/sec, 3 packets/sec
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    4561 packets output, 842656 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
    Dot11Radio0 is up, line protocol is up
    Hardware is 802.11B Radio, address is 0040.96a0.f24f (bia 0040.96a0.f24f)
    MTU 1500 bytes, BW 11000 Kbit, DLY 1000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:15, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4704
    Queueing strategy: fifo
    Output queue: 0/30 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 2000 bits/sec, 3 packets/sec
    135902 packets input, 24142702 bytes, 0 no buffer
    Received 473 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 input packets with dribble condition detected
    169456 packets output, 22981981 bytes, 0 underruns
    20 output errors, 0 collisions, 2 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    FastEthernet0 is up, line protocol is up
    Hardware is PowerPCElvis Ethernet, address is 000e.3864.7400 (bia 000e.3864.7400)
    Internet address is 192.168.0.150/24
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Full-duplex, 100Mb/s, MII
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 7000 bits/sec, 10 packets/sec
    5 minute output rate 2000 bits/sec, 3 packets/sec
    2754500 packets input, 234608696 bytes
    Received 2011451 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog
    0 input packets with dribble condition detected
    144702 packets output, 20649513 bytes, 0 underruns
    0 output errors, 0 collisions, 2 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    Virtual-Dot11Radio0 is down, line protocol is down
    Hardware is Virtual Dot11 interface, address is 0040.96a0.f24f (bia 0040.96a0.f24f)
    MTU 1500 bytes, BW 11000 Kbit, DLY 1000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input never, output never, output hang never
    Last clearing of "show interface" counters 6d23h
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/30 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 input packets with dribble condition detected
    0 packets output, 0 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out



     
    David Dawson, Apr 15, 2004
    #3
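
The advice in post #2 reduces to two acceptable states: "ip http authentication local", or "ip http authentication aaa" together with "aaa new-model" and a default login method list that is local. The following is an added example, not code from either poster, that checks a running-config against those two states. The function names and finding labels are hypothetical, and the sample is a constructed excerpt modelled on the config in post #3.

```python
import re

# Constructed excerpt modelled on the running-config in post #3 (secrets omitted).
SAMPLE_CONFIG = """\
username admin privilege 15 password 7 <removed>
aaa new-model
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
ip http server
ip http authentication local
"""


def parse_config(config):
    """Collect the lines that bear on HTTP login from a running-config."""
    state = {"http_server": False, "http_auth": None, "aaa_new_model": False,
             "login_lists": {}, "priv15_users": []}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            state["http_server"] = True
        elif line == "aaa new-model":
            state["aaa_new_model"] = True
        elif m := re.match(r"ip http authentication (\S+)$", line):
            state["http_auth"] = m.group(1)
        elif m := re.match(r"aaa authentication login (\S+) (.+)$", line):
            state["login_lists"][m.group(1)] = m.group(2).split()
        elif m := re.match(r"username (\S+) privilege 15\b", line):
            state["priv15_users"].append(m.group(1))
    return state


def check_http_auth(config):
    """Return a label for every way the config departs from the advice."""
    s = parse_config(config)
    findings = []
    if not s["http_server"]:
        findings.append("http-server-disabled")
    # Assumption: the web login is meant for a privilege 15 account, as in the thread.
    if not s["priv15_users"]:
        findings.append("no-local-privilege-15-user")
    if s["http_auth"] == "aaa":
        default = s["login_lists"].get("default")
        if not s["aaa_new_model"]:
            findings.append("aaa-mode-without-aaa-new-model")
        if default is None:
            findings.append("no-default-login-list")
        elif "local" not in default:
            findings.append("default-login-list-lacks-local")
    elif s["http_auth"] != "local":
        findings.append("http-auth-not-local-or-aaa")
    return findings
```

The excerpt returns no findings because it already carries "ip http authentication local"; switching that line to "aaa" without adding a default login list yields "no-default-login-list".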