Wired Intelligent Edge

 View Only
last person joined: 15 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

ArubaOS-CX Radius auth using Microsoft NPS

This thread has been viewed 30 times
  • 1.  ArubaOS-CX Radius auth using Microsoft NPS

    Posted 25 days ago

    I have been attempting to follow Aruba AOS-CX – RADIUS Authentication with Microsoft NPS | Wired Intelligent Edge (arubanetworks.com).

    Nothing positive has resulted so far.  Using WireShark, I see the request making it to the NPS server, but that server continually rejects the request.  See this.

    Sample Wireshark Result of Rejection
    Any ideas?


  • 2.  RE: ArubaOS-CX Radius auth using Microsoft NPS

    Posted 25 days ago

    Hello, you can see more details in the event viewer on the Windows Server where NPS is installed.

    Most likely there are some mismatches in configuration between the switch and NPS but would need more detailed information what your configuration looks like.




  • 3.  RE: ArubaOS-CX Radius auth using Microsoft NPS

    Posted 24 days ago

    Chris, 

    Thanks for the quick response.  Do you need a copy of the running config?  Is there anything you need from NPS?




  • 4.  RE: ArubaOS-CX Radius auth using Microsoft NPS

    Posted 24 days ago

    The Code Access-Reject is NPS rejecting the authentication.

    You can check the Event Viewer under Custom Views ->  Server Roles Network Policy Server to see the access reject information. 

    Could be bad user/pass, user not in the AD group your looking from in the conditions or one of the other conditions in NPS not policy not being met. 




  • 5.  RE: ArubaOS-CX Radius auth using Microsoft NPS

    Posted 21 days ago

    Checked there already.  It says bad username and password, but I can use the same username and password to sign into AD from a server




  • 6.  RE: ArubaOS-CX Radius auth using Microsoft NPS

    Posted 19 days ago

    I'm not an NPS expert, but think there has been hardening of Active Directory over time including access to password information. You may need to relax the security settings, or add your switch as a logon location for the account. Also make sure that you configured PAP for your authentication (not CHAP/MSCHAP). Maybe Microsoft support can assist you to find the issue?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: ArubaOS-CX Radius auth using Microsoft NPS

    Posted 17 days ago

    I think it is recommended to use EAP-TLS instead.

    There were a view patches in the last view months because of some vulnerabilities in the radius protocol.