09-26-2012 08:57 AM
Dear all,
How can I authenticate admin access to Prime Infrastructure 1.2 using AAA mode RADIUS with Windows Network Policy Server as the RADIUS server? I found some information on using ACS as the RADIUS server but cannot find how to do it for Windows NPS.
I tried to configure the NPS, but an error was displayed when logging in to PI using an account in the NPS server: "No authorization information found for Remote Authenticated User. Please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server"
Thanks for your help.
Dennis
03-21-2013 10:51 AM
Did you ever find a resolution for this? I am fighting with the same thing right now...
03-22-2013 06:43 AM
I am running into a similar issue, but I'm trying to use tac_plus (TACACS+) on Linux instead of RADIUS. Like Adam, I'd like to know if you've solved the issue, as this could help me out as well.
03-25-2013 06:45 AM
Ok, I was able to resolve this over the weekend. The actual fix is a little complicated. You can find the full explanation here: http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure
The basics are that Prime (1.3 is the version I am using at this point) expects two AV pairs from RADIUS. They are as follows:
NCS:role0=Admin
NCS:virtual-domain0=ROOT-DOMAIN
"Admin" is the name of the group you would like your users to have access at and "ROOT-DOMAIN" is the name of the domain you would like them to have access to.
For TACACS+ I suspect the AV Pairs are going to be the same but I have not been able to test that.
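Added example, not part of the original post or of any Cisco or Microsoft tooling: a small Python check that walks the attribute block of a RADIUS Access-Accept and reports which of the two AV pairs named above are missing, which is the condition behind the "No authorization information found" error. It assumes the pairs are sent as Cisco-AVPair vendor-specific attributes (vendor ID 9, vendor type 1) and that the attribute bytes come from a packet capture, after the 20-byte RADIUS header; the sample bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type (RFC 2865, section 5.26)
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor type 1 = cisco-avpair (assumed carrier)
REQUIRED = ("NCS:role0", "NCS:virtual-domain0")   # keys named in the post

def encode_avpair(text):
    """Wrap one 'NCS:key=value' string in a Vendor-Specific attribute."""
    data = text.encode("ascii")
    sub = bytes([CISCO_AVPAIR, len(data) + 2]) + data
    return (bytes([VENDOR_SPECIFIC, len(sub) + 6])
            + struct.pack("!I", CISCO_VENDOR_ID) + sub)

def cisco_avpairs(attrs):
    """Walk a RADIUS attribute block and return every cisco-avpair string."""
    found, i = [], 0
    while i + 2 <= len(attrs):
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        value = attrs[i + 2:i + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            v_type, v_len = value[4], value[5]
            if (vendor == CISCO_VENDOR_ID and v_type == CISCO_AVPAIR
                    and 2 <= v_len <= len(value) - 4):
                found.append(value[6:4 + v_len].decode("ascii", "replace"))
        i += a_len
    return found

def missing_prime_keys(attrs):
    """Return the NCS keys Prime needs that the reply does not carry."""
    keys = {p.split("=", 1)[0] for p in cisco_avpairs(attrs) if "=" in p}
    return [k for k in REQUIRED if k not in keys]

# Constructed sample replies: Service-Type plus the AV pairs from the post.
SERVICE_TYPE = bytes([6, 6, 0, 0, 0, 6])
GOOD = (SERVICE_TYPE + encode_avpair("NCS:role0=Admin")
        + encode_avpair("NCS:virtual-domain0=ROOT-DOMAIN"))
BAD = SERVICE_TYPE + encode_avpair("NCS:role0=Admin")  # virtual domain not sent

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, cisco_avpairs(blob), "missing:", missing_prime_keys(blob))
```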
03-25-2013 04:19 PM
Adam,
That's a nice writeup over on your blog. It would make a nice addition here on CSC as a Document in this forum.
Thanks for sharing the resolution.