- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: 802.1x authentication on PROCURVE 2510G-24
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-11-2011 03:11 AM
тАО01-11-2011 03:11 AM
I've installed FREERADIUS 2.1.10 on FEDORA 11 and a client win xp sp3 (with eapp authentication enabled) linked to the server through HP PROCURVE 2510G-24 SWITCH - all configured.
The authentication is made by LDAP located on other SAMBA SERVER.
When i connect to the lan (user, password and domain) the switch contact radius server but in the "rad_recv" information i see that the switch pass a "cutted" USER-NAME.
For example i log-in in windows with user="stefano" + password="test" + domain="mydomain" and i see in rad_recv that "user-name" is developed with "mydomain\st" (stefano is truncated).
I made some test and i saw that EVERY TIME "user-name" sent to RADIUS SERVER is truncated (domain\user) on 16th character
(in other words "user-name" in structure "rad_recv" is always 16 chr.), i've tried also with othen domain available in my company but the problem remain the same.
Could it be a problem of wrong switch configuration?? Or is a problem of the client (win XP SP3 - ACTIVATED IEEE 802.1X with PROTECTED EAP)?
I hope someone could help me.
Thanks in advance...Stefano.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2011 01:13 PM
тАО01-16-2011 01:13 PM
Re: 802.1x authentication on PROCURVE 2510G-24
sh run print
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2011 12:45 AM
тАО01-17-2011 12:45 AM
Re: 802.1x authentication on PROCURVE 2510G-24
Running configuration:
; J9279A Configuration Editor; Created on release #Y.11.12
hostname "ProCurve Switch 2510G-24"
mirror-port 1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address dhcp-bootp
exit
aaa authentication port-access eap-radius
radius-server host 10.35.33.228 key test
aaa port-access authenticator 1
aaa port-access authenticator active
#####################################
i've configured port no. 1 of switch for working as port-access authentication (802.1x).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2011 01:13 AM
тАО01-17-2011 01:13 AM
Re: 802.1x authentication on PROCURVE 2510G-24
fristly switch vlan 1 ip address must have statically your switch vlan 1 ip assign dhcp server
and can't see
aaa accounting network start-stop radius
command on switch
example config
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 100.100.100.80 key procurve
aaa port-access authenticator A1-A24
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2011 05:55 AM
тАО01-17-2011 05:55 AM
Re: 802.1x authentication on PROCURVE 2510G-24
####################################
Running configuration:
; J9279A Configuration Editor; Created on release #Y.11.12
hostname "ProCurve Switch 2510G-24"
mirror-port 1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 10.35.33.164 255.255.255.0
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 10.35.33.228 key test
aaa port-access authenticator 1
aaa port-access authenticator active
####################################
This is the frame received by RADIUS from the SWITCH:
####################################
rad_recv: Access-Request packet from host 10.35.33.164 port 1024, id=42, length=245
Framed-MTU = 1480
NAS-IP-Address = 10.35.33.164
NAS-Identifier = "ProCurve Switch 2510G-24"
User-Name = "CASTELGOFFREDO\\C"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-26-f1-bc-78-c0"
Calling-Station-Id = "00-0f-fe-80-4e-94"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x0208001e0143415354454c474f46465245444f5c434156415a5a30383036
Message-Authenticator = 0x957819fc68420fdba0a678a985a31daa
#########################################
as you can see all seems ok, but the
User-Name = "CASTELGOFFREDO\\C" is truncated, it had to be "CASTELGOFFREDO\\CAVAZZ0806"
Thanks a lot. Stefano.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2011 05:19 AM
тАО01-25-2011 05:19 AM
Re: 802.1x authentication on PROCURVE 2510G-24
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2011 05:59 AM
тАО01-25-2011 05:59 AM
Re: 802.1x authentication on PROCURVE 2510G-24
Primary:
07/16/09 Y.11.12 Config
Secondary:
07/16/09 Y.11.12 Config
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2011 06:18 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2011 06:28 AM
тАО01-25-2011 06:28 AM
Re: 802.1x authentication on PROCURVE 2510G-24
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-25-2011 11:39 PM
тАО01-25-2011 11:39 PM
Re: 802.1x authentication on PROCURVE 2510G-24
now it works correctly.
GREAT. THANK YOU SO MUCH....
Stefano.