Wired Intelligent Edge

Hello all.  I am wanting to configure my 2930M switches using Radius authentication with a Windows NPS Server.  I have applied the following configuration to the switch:

radius-server host x.x.x.x key <<insert-key>>
radius-server dead-time 5
radius-server timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

On the Windows Server, under the Network Policy Server module, I have applied the following:

• Added one switch as a radius client

• Under the Network Policies Section, I have created a new policy with the following settings & attributes:

I've obtained some settings from previous discussion posts related to the same issue, but am not able to log in using my radius credentials, or the local (manager) account.  What would I be missing, or need to add in order to get this to work?  Thanks

In your 4th screenshot, try to enable "unencrypted authentication Pap/Spap".  To troubleshoot what is wrong, look at the eventviewer under NPS to see if it is even handling your messages.

Hello all.  I am wanting to configure my 2930M switches using Radius authentication with a Windows NPS Server.  I have applied the following configuration to the switch:

radius-server host x.x.x.x key <<insert-key>>
radius-server dead-time 5
radius-server timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

On the Windows Server, under the Network Policy Server module, I have applied the following:

• Added one switch as a radius client

• Under the Network Policies Section, I have created a new policy with the following settings & attributes:

I've obtained some settings from previous discussion posts related to the same issue, but am not able to log in using my radius credentials, or the local (manager) account.  What would I be missing, or need to add in order to get this to work?  Thanks

Hi Cjoseph.  I have enabled the option that you had suggested, but the problem still persists.  I looked at the NPS event logs on the Windows Server, and show the following message when attempting to SSH in:

In your 4th screenshot, try to enable "unencrypted authentication Pap/Spap".  To troubleshoot what is wrong, look at the eventviewer under NPS to see if it is even handling your messages.

Hello all.  I am wanting to configure my 2930M switches using Radius authentication with a Windows NPS Server.  I have applied the following configuration to the switch:

radius-server host x.x.x.x key <<insert-key>>
radius-server dead-time 5
radius-server timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

On the Windows Server, under the Network Policy Server module, I have applied the following:

• Added one switch as a radius client

• Under the Network Policies Section, I have created a new policy with the following settings & attributes:

I've obtained some settings from previous discussion posts related to the same issue, but am not able to log in using my radius credentials, or the local (manager) account.  What would I be missing, or need to add in order to get this to work?  Thanks

You have something configured that I cannot see.  It is somehow hitting the "connections to other access servers" network policy.  Please start with this older post as a template:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=6586

Hi Cjoseph.  I have enabled the option that you had suggested, but the problem still persists.  I looked at the NPS event logs on the Windows Server, and show the following message when attempting to SSH in:

In your 4th screenshot, try to enable "unencrypted authentication Pap/Spap".  To troubleshoot what is wrong, look at the eventviewer under NPS to see if it is even handling your messages.

Hello all.  I am wanting to configure my 2930M switches using Radius authentication with a Windows NPS Server.  I have applied the following configuration to the switch:

radius-server host x.x.x.x key <<insert-key>>
radius-server dead-time 5
radius-server timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

On the Windows Server, under the Network Policy Server module, I have applied the following:

• Added one switch as a radius client

• Under the Network Policies Section, I have created a new policy with the following settings & attributes:

I've obtained some settings from previous discussion posts related to the same issue, but am not able to log in using my radius credentials, or the local (manager) account.  What would I be missing, or need to add in order to get this to work?  Thanks

Yes, I looked at my existing Network policies, and found that this new policy had the lowest processing order, and was being overridden by two other policies that were denying access using the EAP, MS-CHAP v1, MS-CHAP v2, SPAP and PAP authentication methods.

I have moved the new policy higher in terms of processing order, yet the problem still persists.

You have something configured that I cannot see.  It is somehow hitting the "connections to other access servers" network policy.  Please start with this older post as a template:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=6586

Hi Cjoseph.  I have enabled the option that you had suggested, but the problem still persists.  I looked at the NPS event logs on the Windows Server, and show the following message when attempting to SSH in:

In your 4th screenshot, try to enable "unencrypted authentication Pap/Spap".  To troubleshoot what is wrong, look at the eventviewer under NPS to see if it is even handling your messages.

Hello all.  I am wanting to configure my 2930M switches using Radius authentication with a Windows NPS Server.  I have applied the following configuration to the switch:

radius-server host x.x.x.x key <<insert-key>>
radius-server dead-time 5
radius-server timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

On the Windows Server, under the Network Policy Server module, I have applied the following:

• Added one switch as a radius client

• Under the Network Policies Section, I have created a new policy with the following settings & attributes:

I've obtained some settings from previous discussion posts related to the same issue, but am not able to log in using my radius credentials, or the local (manager) account.  What would I be missing, or need to add in order to get this to work?  Thanks

Is the NPS server denying the connection in the log or allowing it? 

Yes, I looked at my existing Network policies, and found that this new policy had the lowest processing order, and was being overridden by two other policies that were denying access using the EAP, MS-CHAP v1, MS-CHAP v2, SPAP and PAP authentication methods.

I have moved the new policy higher in terms of processing order, yet the problem still persists.

You have something configured that I cannot see.  It is somehow hitting the "connections to other access servers" network policy.  Please start with this older post as a template:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=6586

Hi Cjoseph.  I have enabled the option that you had suggested, but the problem still persists.  I looked at the NPS event logs on the Windows Server, and show the following message when attempting to SSH in:

In your 4th screenshot, try to enable "unencrypted authentication Pap/Spap".  To troubleshoot what is wrong, look at the eventviewer under NPS to see if it is even handling your messages.

Hello all.  I am wanting to configure my 2930M switches using Radius authentication with a Windows NPS Server.  I have applied the following configuration to the switch:

radius-server host x.x.x.x key <<insert-key>>
radius-server dead-time 5
radius-server timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

On the Windows Server, under the Network Policy Server module, I have applied the following:

• Added one switch as a radius client

• Under the Network Policies Section, I have created a new policy with the following settings & attributes:

I've obtained some settings from previous discussion posts related to the same issue, but am not able to log in using my radius credentials, or the local (manager) account.  What would I be missing, or need to add in order to get this to work?  Thanks