Server 2012 NPS with Comware 5 /7 AD authentication

WayneWIlson · ‎04-23-2017

Hi,

I want to be able to login to all switches wiht domain credentials and when users are created in AD they will be able to login to the HP switches with either read only acces or manager access. I have Radius setup on server 2012 NPS and I have a HP 5130 R3106.

Attached is the NPS config

Configs from HP Switch:

#
line class aux
user-role network-admin
#
line class vty
authentication-mode scheme
user-role network-admin
user-role network-operator

#

radius scheme mrc
primary authentication 10.5.15.114
key authentication cipher $c$3$9CDAVtV4raGniCCp4rQN3qluzllgvWo=
timer quiet 1
timer response-timeout 5
user-name-format keep-original
nas-ip 10.7.253.5

#

domain mrc
authorization-attribute idle-cut 5 10240
authentication login radius-scheme mrc local
authorization login radius-scheme mrc local

#

domain default enable mrc

WayneWIlson · ‎04-23-2017

Unable load jpg, png of the NPS setup.

Connection request policy:

Conditions : NAS Identifier - value test-?

Network Policies

Condition

User (Group domain\domain admins) : service-type Login

Constraints

authentication ticke MS-CHAPv2 / MS-CHAP / PAP,SPAP

Settings:

Framed-Protocol : PPP

Service-Type: Administrative

Vendor Specific : Cisco-AV-Pair / Vendor Cisco / Value shell:roles="network-admin"

I ran Wireshark and Radius Access-request and access-accept.

on the CLI I get Login Failed. NPS logs "Network Policy Server granted access to a user"

Server 2012 NPS with Comware 5 /7 AD authentication

Server 2012 NPS with Comware 5 /7 AD authentication

Re: Server 2012 NPS with Comware 5 /7 AD authentication

Hewlett Packard Enterprise International