ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

WIndows Server 2012R2 NPS settings for HP 2920 (J9726A)

wdodge54
Visitor

WIndows Server 2012R2 NPS settings for HP 2920 (J9726A)

Need help with Windows 2012R NPS settings for HP 2920 (J9726A) switch running  WB.16.02.0016.   I'm trying to configure switch for RADIUS authentication via NPS. 

Switch is configured and communicating with NPS correctly.  I can login at operator level with the following configured:

aaa authentication ssh login radius local

aaa authentication ssh enable radius local

When I add the following, I cannot login to the switch.  Attempts only return a password prompt when it should be allowing a direct login to "enable" mode:

aaa authentication login privilege-mode

 

NPS is configured with Service-Type=6

What is missing?  I've looked at all the posts that contain Windows 208R2 NPS settings but, being unfamiliar with NPS or anything Windows, it's greek to me...

 

Any help is appreciated.

 

 

1 REPLY
gpooleii
Occasional Visitor

Re: WIndows Server 2012R2 NPS settings for HP 2920 (J9726A)

Wendall, for the benefit of others, I'll post this here since I see no one has followed up on your request.

You must first manually edit the dnary.xml file in c:\windows\system32\ias if this has not already been done.

Open the file in Notepad or equivalent

Find the Login-Service attribute

Add the following four lines under the <StandardValues> portion of Login-Service

<StandardValue>

<Name>SSH</Name>

<Value>50</Value>

</StandardValue>

Save the file and reboot the server (you MUST reboot the server; service restart is not sufficient)

In NPS you must do the following:

Create a RADIUS client for the HP 2920 switch

Create a Network Policy for the HP 2920 that contains the following RADIUS Standard Attributes

Framed-Protocol:   PPP

Login-Service:   SSH

Service-Type:   Administrative

The Login-Service portion of my dnary.xml files is attached for clarity.