01-12-2017 06:31 AM
I'm trying to get webauth going, but it's not too smooth so far. Here is my aaa, radius and ip admission config lines on a 3560G:
sh run | include admiss
ip admission name webauth proxy http
ip admission webauth
core#sri aaa
aaa new-model
aaa authentication login default group radius
aaa authorization auth-proxy default group radius
aaa session-id common
core#sri radius
aaa authentication login default group radius
aaa authorization auth-proxy default group radius
ip radius source-interface Vlan10
radius-server host 192.168.0.14
radius-server key 7 06330170414F1D0B0C2F
I'm using a Windows 2008 R2 domain controller for radius. What usually happens is that I get a login page, enter valid credentials, another page pops up warning about security with a "connect" option. When I click connect, another login tab opens...repeat ad naseum. Wireshark shows a radius request and reject packet on the DC, and the event log of the DC shows a policy denial. The reason given is that the user provided in the request is locked out, but the user always shows up as domain\guest. I have no idea why.
Is there anything in my config that looks off, or does anyone have any experience with this situation?
Also, a general webauth question. Can webauth be used to block network access completely, or just web traffic? I know 802.1x can do it, but I was asked to use webauth, but I'm not sure that it can.
Thank you!
01-12-2017 07:04 AM
I tried enabling the guest account just to see if things would work. I get different errors now. On the DC it says I'm trying to use an auth type not specified in the network policy. I have PAP checked and this same user account works when I use radius for logon auth on the same switch.
Very puzzling and inconsistent so far.
01-12-2017 08:15 AM
It works if I don't force clients to negotiate an authentication method. Does anyone know what auth method should be selected for Windows 2008 radius?
01-13-2017 01:02 PM
bumpage
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide