
IDM2 and RADIUS

Paul_Go
Occasional Advisor


Hi all,

I'm seeking assistance with an IDM installation that isn't working as it should. I've had to learn RADIUS, 802.1x and IDM all in one go having not worked with any before, so I would suppose I'm missing something obvious.

I installed the IDM agent and client on a Win2003 server running IAS for RADIUS authentication. IDM found and manually imported AD information on users and groups without difficulty, but it is not reporting on login/logoffs.

The switch in question that I am testing on is a 5308xl running E10.44, and my test login PC and server are both attached. After I set up 802.1x on the switch, the PC returns on login that it is unable to find the domain. Switch logs report the port blocked by AAA, and the server's event viewer has no IAS entries.

All the aaa config on the switch is as follows:

aaa authentication port-access eap-radius
aaa authentication web login radius
aaa authentication web enable radius local
aaa accounting network radius
aaa accounting exec radius
aaa accounting system radius
radius-server host 10.64.10.61
aaa port-access authenticator A7
aaa port-access authenticator active
aaa port-access mac-based addr-format multi-dash
aaa port-access web-based B7
aaa port-access web-based B7 client-limit 2
aaa port-access web-based B7 auth-vid 1
aaa port-access web-based B7 unauth-vid 2
aaa port-access web-based dhcp-addr 192.168.22.0 255.255.255.0
aaa port-access web-based dhcp-lease 25

Grateful for any and all assistance.

Paul.
Damn Flanders!
3 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: IDM2 and RADIUS

I don't see a RADIUS key in your config...

e.g. 'radius-server host 10.64.10.61 key '

Then on IAS make sure to add this switch's IP address with the same key ''.

Everything else looks good.
Paul_Go
Occasional Advisor

Re: IDM2 and RADIUS

Thanks for having a look over that, Matt. The specific problem turned out to be the .1x setup on the client side, but you were certainly right about the missing key.

The problem I have now is that if logged on locally to a computer, I can authenticate to the network (confirmed in the RADIUS server log). However, I cannot log on to the network from the login screen, i.e. to the domain (no resources provided, no log on RADIUS server).

Again, any suggestions appreciated. Cheers.

Paul.
Damn Flanders!
Matt Hobbs
Honored Contributor

Re: IDM2 and RADIUS

From memory you need to get your PCs to authenticate as themselves first.

Check this Microsoft white paper out which should go into more detail:

http://www.microsoft.com/downloads/details.aspx?familyid=05951071-6b20-4cef-9939-47c397ffd3dd&displaylang=en