12-21-2015 10:44 AM - edited 03-10-2019 11:20 PM
Hello All. I have switches configured to use RADIUS authentication and have been logging on with username/password per my account in Active Directory. However, now I need to use a CAC to do so. In Active Directory, under the account, it has for instance 53123@com for the User Logon Name. The User logon name (pre-Windows 2000) is DOMAIN\john.smith.sa
When I put either 53123@com or 53123 and then use my PIN, I'm not able to log on to the switches. I've already deleted/re-added my account to the Windows group specified in the Network Policy Server role of Windows 2008 R2. Any suggestions? Thanks.
12-29-2015 07:32 PM
Does the NPS log say your account was granted access? If not, look at NPS closer.
If it says access was granted, then do a few "debug aaa ..." commands on the switches and see why they are not accepting the Access-Accept message.
01-05-2016 01:37 PM
I'm just getting back to troubleshooting this. I will look at the NPS logs though. So are you saying it is possible to use a CAC to authenticate to an SSH session to the switch?
01-05-2016 05:11 PM
I'm not sure, but I am 100% certain that if NPS has denied the connection it won't work - so the first step is to make sure it is permitting the connection.