Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3709
Views
0
Helpful
1
Replies

WAAS & Radius on Windows 2008 NPS Server

vermin
Level 1
Level 1

‎05-27-2010 03:15 AM

WAAS & Radius on Windows 2008 NPS ServerHas anybody succesfully got this working?

There seems to be only a few things to configure on the WAAS central manager (Shared encryption key ,server name and server port) under the 'Radius' menu and then the authentication login method order under 'Authentication Methods' menu.

This is all configured and looks ok.

On the NPS server the client is configured under 'RADIUS Clients' menu (friendly name,IP address shared secret key & vendor) and is enabled,

and under the 'Network Policies' menu the same settings as our Cisco ASA's are configured (which are working),execpt the name has been changed.

I have the vendor specific attributes as below:-


Cisco-AV-Pair   shell:priv-lvl=15 to shell:



Here is some output from the Radius logs


"UKA-SR-MSNPS-10","IAS",05/24/2010,10:21:50,3,,"ANYWHEREADGLOBAL\admin",,,,,,,,9,"X.X.X.X","UKB-AP-WAECM-10",,,,,,,1,,16,"311 1 fe80::8197:671e:537d:2e28 05/17/2010 15:14:40 308",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"UKA-SR-MSNPS-10","IAS",05/24/2010,10:22:05,1,"joebloggsadmin","anywhere.local/UKDC/Administration/BloggsAdmin, Joe",,,,,"content_engine_config","X.X.X.X",31704,9,"X.X.X.X","UKB-AP-WAECM-10",,,,,,8,1,"Connections to other access servers",0,"311 1 fe80::8197:671e:537d:2e28 05/17/2010 15:14:40 309",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"UKA-SR-MSNPS-10","IAS",05/24/2010,10:22:05,3,,"anywhere.local/UKDC/Administration/BloggsAdmin, Joe",,,,,,,,9,"X.X.X.X","UKB-AP-WAECM-10",,,,,,,1,"Connections to other access servers",65,"311 1 fe80::8197:671e:537d:2e28 05/17/2010 15:14:40 309",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,



Event Viewer output


Event 13,NPS

A RADIUS message was received from the invalid RADIUS client IP address X.X.X.X (WAAS IP )


Any help would be appreciated


Cheers,


Nick

0 Helpful
1 Reply 1

Zach Seils
Level 7
Level 7

‎05-27-2010 07:08 AM

Microsoft claims the following are the reasons you would see Event 13:

  • In the NPS Microsoft Management Console (MMC), a RADIUS  client is configured by fully qualified domain name (FQDN) or NetBIOS  name rather than by IP address, and NPS has not received a DNS server  response to the name resolution query. Without the IP address provided  by the name resolution query, NPS cannot contact the RADIUS client.
  • NPS is receiving communication from a RADIUS client that is  not configured in the NPS MMC.
  • In the NPS MMC, a RADIUS client is configured by either IPv4  or IPv6 address, but the format of the IP address is incorrect.

Regards,

Zach

0 Helpful
Customers Also Viewed These Support Documents