
Radius Auth Problem with 5500/5900

 
kevinhobson200
Occasional Contributor

Hi,

 

I have an issue with radius authentication on HP 5500/5900A series switches and MS NPS for the radius service.

 

Basically what happens is it is hitting the correct policy and the radius server is allowing the login but the switch rejects the login. With wrong user/pass.

 

I have the H3EXEC for one and the shell:cisco for the other and have even tried login service telnet to no avail.

 

Config below:

 

 

radius scheme test
 primary authentication x.x.x.x
 key authentication cipher $c$3$UnIaQo11Hl1vhSqAmUj3xF8eWf4oqrnNU+a6SVT6nReffQ==
 user-name-format without-domain
 nas-ip x.x.x.x

domain test
 authentication login radius-scheme testf local

 

 

 

Any help appreciated.

 

Cheers

 

Kev

 

 

Pete W
Valued Contributor

Re: Radius Auth Problem with 5500/5900

Comware is quite fussy about the RADIUS return attributes it receives, and you will need to make some "slight" modifications to your NPS server's schema to get it working. The following page should give you the info you need:

 

http://hpnetworkers.blogspot.co.uk/2011/05/hp-series-h3c-comware-radius.html

 

Regards,

 

Pete