[RESOLVED] OS6900 RADIUS authentication with Microsoft NPS
Topic
Hi all,
I’m trying to configure RADIUS authentication on a OS6900-X48C6 (I’m on 8.8.56.R02) for management purposes.
I’m using Microsoft NPS a server.
On the switch I’ve got this config:
aaa radius-server “RADIUS” host 192.168.5.203 192.168.5.204 hash-key “0479F41346BE61EB2D202E816A1C0009F513E49AEAEA6AD106D2F386B4169FF1” hash-salt “690DEEF5D3E30C769287566FB6B707DB927EDF22F27AF445824BD96C2CD25E19” retransmit 3 timeout 2 auth-port 1812 acct-port 1813 vrf-name default
aaa authentication http “RADIUS” “local”
NPS is configured and I can see the succesful login attempts (event id 6272 “Network Policy Server granted access to a user.”) but the switch is giving me an error:
Authentication failure : Server configuration error, contact your administrator
I tried bot with this radius attribute and without it:
Vendor Code : 800
Vendor-assigned attribute number : 20 <Alcatel-Nms-Group>
Attribute format : String
Attribute value : Administrators
Any suggestion? Thanks.
Dario Palermo
Answers
dariopalermo
Sorry, still some issues left: I can now authenticate but I'm not seeing the whole set of commands (I'm missing, for example, Configuration under DEVICE MGMT).
I also added attributes 39 and 40 with FFFFFFFF but nothing changed... I'm flying blind as I couldn't find any kind of documentation about RADIUS attributes...
Dario Palermo
dariopalermo
Ok I just found the additional info I was missing. I had to configure all these custom, vendor specific attributes (vendor code 800):
41 - ffffffff (hexadecimal) 42 - ffffffff (hexadecimal) 9 - all (string) 20 - Administrators (string)
bye,
Dario Palermo