Windowws 2008 Network Policy Manager and Cisco Device Radius authentication

-

hi,

we looking migrate of our cisco devices authenticate via network policy manager radius authentication.

currently have setup npm follows:

radius client :

cisco switch friendly name, ip address , manual shared secret. advanced, vendor name cisco , saved client.

connection request policy:

overview - policy name = use windows authentication users , policy enabled, type of network access server  = unspecified

conditions = day , time restrictions-24 hour permitted -

settings = blank/default

network policies

(disabled default 1 , 2)

overview  - policy name = telecoms, policy enabled, grant access if connection request matches policy, network access server =unspecified

conditions =  usergroup, dc01/telecoms

constraints = none

settings = radius attributes => standard = service-type = framed

cisco configuration =

aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local

entering username , password access rdius client configured above works.  when try enter enable mode fails authenticate nps server.

i debugs router stating:

au-ho1-telecoms-3560#
aug  6 10:16:11 aest: aaa: parse name=tty2 idb type=-1 tty=-1
aug  6 10:16:11 aest: aaa: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
aug  6 10:16:11 aest: aaa/memory: create_user (0x3672828) user='null' ruser='null' ds0=0 port='tty2' rem_addr='13.199.190.209' authen_type=ascii service=login priv=1 initial_task_id='0', vrf= (id=0)
aug  6 10:16:11 aest: aaa/authen/start (3352917067): port='tty2' list='' action=login service=login
aug  6 10:16:11 aest: aaa/authen/start (3352917067): using "default" list
aug  6 10:16:11 aest: aaa/authen/start (3352917067): method=radius (radius)
aug  6 10:16:11 aest: aaa/authen (3352917067): status = getuser
au-ho1-telecoms-3560#
aug  6 10:16:16 aest: aaa/authen/cont (3352917067): continue_login (user='(undef)')
aug  6 10:16:16 aest: aaa/authen (3352917067): status = getuser
aug  6 10:16:16 aest: aaa/authen (3352917067): method=radius (radius)
aug  6 10:16:16 aest: aaa/authen (3352917067): status = getpass
au-ho1-telecoms-3560#
aug  6 10:16:22 aest: aaa/authen/cont (3352917067): continue_login (user='au012055')
aug  6 10:16:22 aest: aaa/authen (3352917067): status = getpass
aug  6 10:16:22 aest: aaa/authen (3352917067): method=radius (radius)
aug  6 10:16:22 aest: aaa/authen (3352917067): status = pass
au-ho1-telecoms-3560#
aug  6 10:16:24 aest: aaa/memory: dup_user (0x371e220) user='au012055' ruser='null' ds0=0 port='tty2' rem_addr='13.199.190.209' authen_type=ascii service=enable priv=15 source='aaa dup enable'
aug  6 10:16:24 aest: aaa/authen/start (1584192312): port='tty2' list='' action=login service=enable
aug  6 10:16:24 aest: aaa/authen/start (1584192312): using "default" list
aug  6 10:16:24 aest: aaa/authen/start (1584192312): method=radius (radius)
aug  6 10:16:24 aest: aaa/authen (1584192312): status = getpass
au-ho1-telecoms-3560#
aug  6 10:16:30 aest: aaa/authen/cont (1584192312): continue_login (user='au012055')
aug  6 10:16:30 aest: aaa/authen (1584192312): status = getpass
aug  6 10:16:30 aest: aaa/authen (1584192312): method=radius (radius)
aug  6 10:16:30 aest: aaa/authen (1584192312): status = fail
aug  6 10:16:30 aest: aaa/memory: free_user (0x371e220) user='au012055' ruser='null' port='tty2' rem_addr='13.199.190.209' authen_type=ascii service=enable priv=15

has got instructions on how works. have been searching cisco , microsoft instructions.

 

thanks

 

 

 

 



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more