12-21-2015 10:44 AM - edited 03-10-2019 11:20 PM
Hello All. I have switches configured to use RADIUS authentication and have been logging on with username/password per my account in Active Directory. However, now I need to use a CAC to do so. In Active Directory under the account it has, for instance, 53123@com for the User Logon Name. The User logon name (pre-Windows 2000) is DOMAIN\john.smith.sa
When I put either 53123@com or 53123 and then use my PIN, I'm not able to log on to the switches. I've already deleted/re-added my account to the Windows group specified in the Network Policy Server role of Windows 2008 R2. Any suggestions? Thanks.
12-29-2015 07:32 PM
Does the NPS log say your account was granted access? If not, look at NPS closer.
If it says access was granted, then do a few "debug aaa ..." commands on the switches and see why they are not accepting the Access-Accept message.
01-05-2016 01:37 PM
I'm just getting back to troubleshooting this. I will look at the NPS logs though. So are you saying it is possible to use a CAC to authenticate to an SSH session to the switch?
01-05-2016 05:11 PM
I'm not sure, but I am 100% certain that if NPS has denied the connection it won't work - so the first step is to make sure it is permitting the connection.