I'm not an NPS expert, but think there has been hardening of Active Directory over time including access to password information. You may need to relax the security settings, or add your switch as a logon location for the account. Also make sure that you configured PAP for your authentication (not CHAP/MSCHAP). Maybe Microsoft support can assist you to find the issue?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 20, 2024 09:14 AM
From: jhugery@bladetechinc.com
Subject: ArubaOS-CX Radius auth using Microsoft NPS
Checked there already. It says bad username and password, but I can use the same username and password to sign into AD from a server
Original Message:
Sent: Sep 17, 2024 04:58 PM
From: mholden
Subject: ArubaOS-CX Radius auth using Microsoft NPS
The Code Access-Reject is NPS rejecting the authentication.
You can check the Event Viewer under Custom Views -> Server Roles Network Policy Server to see the access reject information.
Could be bad user/pass, user not in the AD group your looking from in the conditions or one of the other conditions in NPS not policy not being met.
Original Message:
Sent: Sep 16, 2024 11:41 AM
From: jhugery@bladetechinc.com
Subject: ArubaOS-CX Radius auth using Microsoft NPS
I have been attempting to follow Aruba AOS-CX – RADIUS Authentication with Microsoft NPS | Wired Intelligent Edge (arubanetworks.com).
Nothing positive has resulted so far. Using WireShark, I see the request making it to the NPS server, but that server continually rejects the request. See this.
Any ideas?