I'm just getting back to

cer43tcent · ‎12-21-2015

Hello All. I have switches configured to use RADIUS authentication and have been logging on username/password per my account in Active Directory. However, now I need to use a CAC to do so. In Active Directory under the account it has for instance 53123@com for the User Logon Name: The User logon name (pre-Windows 2000) is DOMAIN\john.smith.sa

When I put either 53123@com or 53123 and then use my pin I'm not able to logon to the switches. I've already deleted/readded my account to the Windows group specified in the Network Policy Server role of Windows 2008 R2. Any suggestions? Thanks.

Philip D'Ath · ‎12-29-2015

Does the NPS log say your account was granted access? If not, look at NPS closer.

If it says access was granted then do a few "debug aaa ..." commands on the switches and see why they are not accepting the Access-Acept message.

cer43tcent · ‎01-05-2016

I'm just getting back to troubleshooting this. I will look at the NPS logs though. So are you saying it is possible to use a CAC to authenticate to an SSH session to the switch?

Philip D'Ath · ‎01-05-2016

I'm not sure, but I am 100% certain that if NPS has denied the connection it wont work - so the first step is to make sure it is permitting the connection.

Admin CAC to Logon Switches