- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- HP Procurve AAA authentication to RADIUS not worki...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2017 10:45 PM
09-14-2017 10:45 PM
HP Procurve AAA authentication to RADIUS not working
Hi Guys
Nedd Help Here. I have a HP Procurve switch J9627A 2620-48-PoEP Switch with Software revision RA.15.13.0014 and HP Procurve switch J9776A 2530-24G Switch with Software revision YA.15.12.0007, that will authenticate to RADIUS (Windows 2012 NPS) but not working. We already created a group for this in the AD and registered the NPS to the domain. Below is my configuration.
Windows Server 2012 NPS Configuration:
- Radius Client =
Settings:
Friendlyname (HO19xxx), IP (172.x.x.31), Shared secret Manual (Ourkeysecret)
Advance:
Vendor Name (RADIUS Standard), Additional Options (all unchecked)
- Connection Request Policy=
Conditions:
Domain\NetAd, NAS Port Type = VPN, Client Friendlyname (HO19xxx), Client IP (172.x.x.31)
- Nework Policies =
Overview:
Policy enabled (checked), Grant Access, Type of network access server (Unspecified)
Conditions:
Conditions = Domain\NetAd, NAS port type (VPN), Authentication Type (PAP)
Constraints:
Authentication Methods = All unchecked expect for "Unecrypted authentication (PAP, SPAP)
Idle timeout, Session Timeout, Caller Station ID, Day and Time restrict are as is
NAS Port Type = VPN
Settings:
Standard = Service-Type (Administrative)
Vendor Specific = None
NAP Enforcement = Disabled Auto-remediation
Extended State = Blank
Multilink & BW allocation protocol = Multilink (Server settings determine usage) BAP (50% 2 mins)
IP Filters = None
Encryption = All is checked
IP Settings = Server settings determine IP Add Assignment
HP Procurve 2620 & 2530 Configuration:
radius-server host 192.x.x197 key Ourkeysecret
radius-server host timeout 10
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa accounting commands stop-only radius
aaa accounting update periodic 10
aaa accounting exec start-stop radius
aaa accounting network start-stop radius
aaa accounting system start-stop radius
aaa accounting session-id common
The aaa accounting is working as it sends logs to the RADIUS Server but the authentication parts is now working. I've tried all the combinations of:
-Authentication Types
- NAS Port Type (Ethernet and VPN)
- Ignore user account dial-in properties (check and uncheck)
- Radius Attribute Standard = Frame-protocol (PPP), Service-Type (Login and Administrative),
- Tried Vendor Specific Attributes for Cisco-AVPair
But still it doesn't work...
I'm guessing that it has something to do with VSA (Vendor Specific Attributes), but i have no idea how to configure it. Hope you could help me guys.
Thanks in advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2017 05:19 PM
09-16-2017 05:19 PM
Re: HP Procurve AAA authentication to RADIUS not working
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2017 06:15 AM
09-19-2017 06:15 AM
Re: HP Procurve AAA authentication to RADIUS not working
This is what i saw on the wireshark packet capture when Radius Client and Radius Server are having conversation.
Radius Client [ACCESS-REQUEST]
username(1): my_username
user-password(2): encrypted
NAS-IP-Address(4): 172.x.x31
NAS-Identifier(32): HO19xxx
NAS-Port-type(61): Virtual(5)
Service-type(6): Exec-user(7)
Message-authenticator(80): <hashes>
vendor-specific(26) v=Microsoft(311)
MS-RAS-Vendor(9): 11
Calling-station-id(31): 172.x.x.166
Radius Server [ACCESS-REJECT]
----------------------------------------------------
I've mirror the config on the network policies conditions and constraints, username and passoword are working on AD
CONDITIONS:
username: my_username
user-password: my_password
NAS-IP-Address: 172.x.x31
NAS-Identifier: HO19xxx
NAS-Port-type: VPN
Service-type: NAS-Prompt user
Message-authenticator: PAP
Client Vendor: Microsoft
MS-RAS-Vendor: 11
Calling-station-id(31): 172.x.x.166
CONSTRAINTS:
Authentication: PAP
NAS Port Type: VPN
SETTINGS:
Radius Attributes = Standard: Service Type: Administrative
.......all other settings are default
Am i missing something of configured wrong. Please help me on this guys
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2017 06:52 PM
09-19-2017 06:52 PM
Re: HP Procurve AAA authentication to RADIUS not working
Any help guys?!!... Please
Tnx