- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- HP ProCurve 2520G-8-PoE RADIUS MAC-Adress Authenti...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2013 05:26 AM
09-25-2013 05:26 AM
HP ProCurve 2520G-8-PoE RADIUS MAC-Adress Authentication doesn't work
Dear HP-Community
For testing, I've set up a little VLAN with an HP ProCurve 2520G-8-PoE ,a Proliant DL380R G4 with Windows Server 2008 system and a NPS for the RADIUS authentication and a normal windows 7 client for testing the authentication.
Now I have followed the "How to configure MAC authentication on a ProCurve switch"-Manual for configuring the right parameters. The only difference is that I also enabled the EAP-MSCHAPv2 encryption, because Windows 7 doesn't support CHAP.
Unfortunately my NPS's blocking the client. The error-messages says, that the username and password are wrong:
er Netzwerkrichtlinienserver verweigerte einem Benutzer den Zugriff. Wenden Sie sich an den Administrator des Netzwerkrichtlinienservers, um weitere Informationen zu erhalten. Benutzer: Sicherheits-ID: NULL SID Kontoname: 009c021b1458 Kontodomäne: UEB Vollqualifizierter Kontoname: UEB\00-9c-02-1b-14-58 Clientcomputer: Sicherheits-ID: NULL SID Kontoname: - Vollqualifizierter Kontoname: - Betriebssystemversion: - Empfänger-ID: 84-34-97-43-5f-9d Anrufer-ID: 00-9c-02-1b-14-58 NAS: NAS-IPv4-Adresse: 192.168.210.51 NAS-IPv6-Adresse: - NAS-ID: UEBSW01 NAS-Porttyp: Ethernet NAS-Port: 3 RADIUS-Client: Clientanzeigenname: UEBSW01 Client-IP-Adresse: 192.168.210.51 Authentifizierungsdetails: Name der Verbindungsanforderungsrichtlinie: GABRIEL Netzwerkrichtlinienname: - Authentifizierungsanbieter: Windows Authentifizierungsserver: UEBSRV.ueb.lokal Authentifizierungstyp: MD5-CHAP EAP-Typ: - Kontositzungs-ID: - Protokollierungsergebnisse: Die Kontoinformationen wurden in die lokale Protokolldatei geschrieben. Ursachencode: 16 Ursache: Authentifizierungsfehler aufgrund der Nichtübereinstimmung von Benutzeranmeldeinformationen. Der angegebene Benutzername ist keinem vorhandenen Benutzerkonto zugeordnet, oder das Kennwort war falsch.
The message is in german, but i hope you get the important information.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2013 11:52 AM
10-23-2013 11:52 AM
Re: HP ProCurve 2520G-8-PoE RADIUS MAC-Adress Authentication doesn't work
EAP-MSCHAPv2 is for 802.1x, not for mac-address based authentication.
Given the light level of security if you are doing pure mac-based authentication, it would be silly of any RADIUS server to not support CHAP or basic RADIUS authentication. It's not like, if you're going to allow anyone who can spoof a MAC address on, you really care that their MAC address and its hash are encryped across the wire from the NAS to the AAA server, and if you did, you'd tunnel it through IPSEC before it hot the Internet anyway. My suggestion might be to consider using a real RADIUS server like FreeRADIUS or radiator, unless you have a compelling reason to use NPS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-29-2013 09:10 AM
10-29-2013 09:10 AM
Re: HP ProCurve 2520G-8-PoE RADIUS MAC-Adress Authentication doesn't work
The reason is, that i have to use the NPS, these are the specifications of my boss.
Also, i HAVE enabled CHAP AND EAP-MSCHAPv2 both at the same time.