Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
450
Views
0
Helpful
3
Replies

Admin CAC to Logon Switches

cer43tcent
Level 1
Level 1

ā€Ž12-21-2015 10:44 AM - edited ā€Ž03-10-2019 11:20 PM

Hello All.  I have switches configured to use RADIUS authentication and have been logging on username/password per my account in Active Directory.  However, now I need to use a CAC to do so.  In Active Directory under the account it has for instance 53123@com for the User Logon Name:  The User logon name (pre-Windows 2000) is DOMAIN\john.smith.sa

When I put either 53123@com or 53123 and then use my pin I'm not able to logon to the switches.  I've already deleted/readded my account to the Windows group specified in the Network Policy Server role of Windows 2008 R2.  Any suggestions?  Thanks.

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

ā€Ž12-29-2015 07:32 PM

Does the NPS log say your account was granted access? If not, look at NPS closer.

If it says access was granted then do a few "debug aaa ..." commands on the switches and see why they are not accepting the Access-Acept message.

0 Helpful

cer43tcent
Level 1
Level 1
In response to Philip D'Ath

ā€Ž01-05-2016 01:37 PM

I'm just getting back to troubleshooting this.  I will look at the NPS logs though.  So are you saying it is possible to use a CAC to authenticate to an SSH session to the switch?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to cer43tcent

ā€Ž01-05-2016 05:11 PM

I'm not sure, but I am 100% certain that if NPS has denied the connection it wont work - so the first step is to make sure it is permitting the connection.

0 Helpful
Customers Also Viewed These Support Documents