- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: Secondary Local Authentication Failed
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-17-2013 10:50 PM
тАО12-17-2013 10:50 PM
Secondary Local Authentication Failed
Hi,
I am trying to setup a radius authentication against Windows NPS using our AD credential. For this part its working well. Problem I am having is the secondary login which is the local account. I am using a ProCurve J9022A Switch 2810-48G Software revision N.11.52
Error from log;-
auth: Invalid user name/password on SSH session
Config;-
aaa authentication login privilege-mode
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
radius-server key password123
radius-server host 10.10.10.10
Show Authentication;-
Status and Counters - Authentication Information
Login Attempts : 3 Respect Privilege : Enabled
| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Local None Local None
Telnet | Radius Local Radius Local
Port-Access | Local
Webui | Local None Local None
SSH | Radius Local Radius Local
Web-Auth | ChapRadius
MAC-Auth | ChapRadius
Any help on why radius authentication is working but not the secondary local authentication?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-27-2014 12:39 PM
тАО01-27-2014 12:39 PM
Re: Secondary Local Authentication Failed
You need to create local users on the switch, i.e.
password manager username fred
you will then be prompted to create a password for the manager account, this will be the fall-back credentials if the remote (Radius) authentication server is not available.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2014 04:41 AM
тАО01-30-2014 04:41 AM
Re: Secondary Local Authentication Failed
The secondary method is only for a fallback scenario, it will not work if teh NPS server is online. You would need to disable the NPS service on the NPS server to test the secondary method - or block the ports you have radius listening on (1812/1645 as default). As long as the NPS server responds to the radius auth request from the switch it will check against the NPS policies and not fallback to local switch authentication even if the user attempting to login is not in the group you have setup in the policy.
HTH
Don't forget to mark a post resolved if your question was answered.