- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Authenticate users with 802.1x using Radius NPS Se...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-01-2021 10:56 AM
тАО04-01-2021 10:56 AM
Authenticate users with 802.1x using Radius NPS Server COMWARE 5
Authenticate users with 802.1x using Radius NPS Server
I am trying to authenticate network users through 802.1x with the RADIUS NPS server (Microsoft). Using the HPE 1920 Coware5 Switch.
Here are the configurations I made:
radius scheme poc
server-type extended
primary authentication 10.10.10.36 key cipher $ c $ 3 $ H8Kj1Wq6vOPbeP2 + TtyGJfp4ZepkRhjm7O8qIXxiRFZ4
primary accounting 10.10.10.36 key cipher $ c $ 3 $ kGzN8Hs + xsGVZL1cVUzso4BHi5LJnZkZePxU7z1mLspW
key authentication cipher $ c $ 3 $ EQ / Uyt6JI1DmQOA6H2tIIkhxXA0iKTiTvJDYoraGqmz9
key accounting cipher $ c $ 3 $ uEU9hsmFqhI + 1eXLXPcWSst5uaTqSbbRY7tdv3IK00s2
user-name-format without-domain
nas-ip 10.10.10.1
domain poc
authentication login radius-scheme poc local
authorization login radius-scheme poc local
accounting login radius-scheme local poc
authentication lan-access radius-scheme poc local
authorization lan-access radius-scheme poc local
accounting lan-access radius-scheme local poc
access-limit disable
state active
idle-cut disable
self-service-url disable
domain default enable poc
dot1x
dot1x retry 10
dot1x authentication-method eap
NETWORK INTERFACE SETTINGS
GigabitEthernet interface1 / 0/11
auto-power-down port
stp edged-port enable
undo dot1x handshake
dot1x mandatory-domain poc
undo dot1x multicast-trigger
dot1x port-method portbased
dot1x
Radius nps settings
Authentication rule
* Condition * Value
NAS Port Type Ethernet
3Com Vendor Client
Local User Groups local\ Domain Users
Authentication Type EAP
The requisition packages for authentication arrive perfectly at the NPS Server, the user to be authenticated is part of the Group specified in the rule, but the authentication is flawed, the NPS server log always presents the same reason:
Authentication failed due to a user credentials mismatch.Either the user name provided does not map 'to an existing user account of incorrect.
Anyone with the example of a rule that should be created on the NPS server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-08-2021 04:34 PM
тАО04-08-2021 04:34 PM
Re: Authenticate users with 802.1x using Radius NPS Server COMWARE 5
Hi @JCDINIZ1
Are you still facing the issue. Can you try configuring the 'server-type standard' instead of 'extended' under 'radius scheme poc'
Also on the NPS Radius authentication rule settings, can you try excluding the 3Com as Vendor Client.
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-27-2021 11:46 AM
тАО04-27-2021 11:46 AM
Re: Authenticate users with 802.1x using Radius NPS Server COMWARE 5
Hi @drk787
thanks for helping
I followed your tips
When I configured "'server-type standard", see how the configuration was on the switch:
display current-configuration configuration radius-template
radius scheme poc
primary authentication 10.10.10.36 key cipher $ c $ 3 $ H8Kj1Wq6vOPbeP2 + TtyGJfp4ZepkRhjm7O8qIXxiRFZ4
primary accounting 10.10.10.36 key cipher $ c $ 3 $ kGzN8Hs + xsGVZL1cVUzso4BHi5LJnZkZePxU7z1mLspW
key authentication cipher $ c $ 3 $ EQ / Uyt6JI1DmQOA6H2tIIkhxXA0iKTiTvJDYoraGqmz9
key accounting cipher $ c $ 3 $ uEU9hsmFqhI + 1eXLXPcWSst5uaTqSbbRY7tdv3IK00s2
user-name-format without-domain
nas-ip 10.10.10.1
The "standard server-type" attribute does not appear in the configuration
I also removed "3Com as Vendor Client." but nothing worked
The error remains the same
Authentication failed due to a user credentials mismatch.Either the user name provided does not map 'to an existing user account of incorrect.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2021 12:52 PM
тАО04-28-2021 12:52 PM
Re: Authenticate users with 802.1x using Radius NPS Server COMWARE 5
Once the problem was identified, the problem was in the EndPoint, it used Windows 7 Service Pack 1 and to work with 802.1x it is necessary to install the following KB:
KB2481614
KB980295
KB976373
KB2769121
KB2736878
KB2494172
KB976210
However, a new problem arose, after the success of authentication in NPS and No Switch Windows 7 or 10 still has the status "Authentication failure" and with ip 169.X.X..X
if 802.1x is removed Windows 7 and 10 includes an ip normally.