cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Printz
Fanfold Paper
Posts: 1
Registered: ‎02-08-2018
Location: DK
Views: 549
Message 1 of 6

RADIUS authentication with Windows NPS - CNOS 10.6.2 (NE10032)

Hi,

 

I'm trying to setup AAA and RADIUS with Windows NPS as the RADIUS server.

 

I got the authentication part working, ie. I match a Connection Request and a Network Policy, but I am still not allowed to actually log in to the switch.

 

Do I need to pass any Vendor-specific attributes in my Network Policy? The way I understand the application guide, it's not needed if you don't want to differentiate between network operator and admin roles.

 

ALex192
Punch Card
Posts: 30
Registered: ‎07-18-2017
Location: RU
Views: 230
Message 2 of 6

Re: RADIUS authentication with Windows NPS - CNOS 10.6.2 (NE10032)

Hi! Managed to solve the problem?

Lenovo Employee mslavin
Lenovo Employee
Posts: 135
Registered: ‎03-31-2015
Location: US
Views: 222
Message 3 of 6

Re: RADIUS authentication with Windows NPS - CNOS 10.6.2 (NE10032)

Hi Alex,

 

Some questions:

Can you ping the RADIUS server from the switch (ping 192.168.253.4 vrf management)?

Can you share details on exactly where/how it is failing?

Are there any messages in the RADIUS server log that provide any feedback on the issue?

 

Thanks, Matt

ALex192
Punch Card
Posts: 30
Registered: ‎07-18-2017
Location: RU
Views: 219
Message 4 of 6

Re: RADIUS authentication with Windows NPS - CNOS 10.6.2 (NE10032)

1. Yes, I can ping from the radius of the server

2. Can you share details on exactly where / how it is failing? - I did not understand the question.

3. Yes, there is a message on the radius of the server. The message that access is allowed. Wireshark looked too

Lenovo Employee mslavin
Lenovo Employee
Posts: 135
Registered: ‎03-31-2015
Location: US
Views: 210
Message 5 of 6

Re: RADIUS authentication with Windows NPS - CNOS 10.6.2 (NE10032)

For item 2, can you post a screen shot from the login session when the switch asks for your credentials and rejects them? Want to see the failure sequence and any messages.

 

Thanks, Matt

ALex192
Punch Card
Posts: 30
Registered: ‎07-18-2017
Location: RU
Views: 208
Message 6 of 6

Re: RADIUS authentication with Windows NPS - CNOS 10.6.2 (NE10032)

included a debug for aaa. There are no posts to display.

 

Here that gives out:   (the account is working and not locked)

 

login as: testname

Using keyboard-interactive authentication.
Account locked due to 21 failed logins
Password:
Using keyboard-interactive authentication.
Remote RADIUS servers unreachable
Access denied
Using keyboard-interactive authentication.
Account locked due to 22 failed logins

Password:

Holiday Deals
HAPPENING NOW!

Get the best deals on PCs and tech now during the Holiday Sale
Shop the sale