05-29-2024 04:50 AM
Hello,
I recently started to use NPS Radius (included in Windows Server 2019) to authenticate on a series of Cisco Switches (SF200, SF220, SG200, SG220, SG250, CBS220-8T, CBS220-24T, CBS250-24T, CBS350-24T).
So far only SF220, SG220 and CBS220 are working fine.
The others are returning the error "Invalid user name or password. Please try again"
I am using the GUI interface.
Any ideas?
Thank you.
Solved! Go to Solution.
05-31-2024 04:27 AM
- Added reply ; review this thread and check if it can help you :
https://community.cisco.com/t5/switches-small-business/radius-on-sf200-24/m-p/2429501#M11421
M.
05-29-2024 10:01 AM
- Check the NPS radius server's logs for the particular authenticating (and or failing attempts)
M.
05-29-2024 10:39 PM
Hello,
I checked the logs. The most detailed reason for rejecting the connection was that "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect".
The problem is that from all the switches I use (SF200, SF220, SG200, SG220, SG250, CBS220-8T, CBS220-24T and CBS350) the only ones that works are SF220, SG220 and CBS220. The others present the same problem. All are configured the same. I already tried firmware updates.
An earlier post here (about 2 years ago) was referring to the same issue with SG200. So the problem seams to be old but until now no fix.
Thank you.
05-29-2024 11:42 PM
>..."Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect".
- Correct these parameters ,
M.
05-29-2024 11:49 PM
05-30-2024 12:28 AM
- Can you verify if this syndrome is related to radius (or not) , by for instance configuring the user local on the device with the same username and password ; does that work ?
M.
05-30-2024 02:17 AM
Hello,
You realize that it's not ok. If I configure the user localy with the same username and password the switch will use those credentials to authenticate me, not the one provided by the RADIUS.
Sorry to repeat myself but the RADIUS server is working fine because it's implemented on some switches and I can authenticate with the credentials it's providing.
The problem appears on specific models. (which I enumerated before).
05-30-2024 02:22 AM
05-30-2024 02:32 AM
05-30-2024 02:58 AM
05-30-2024 03:15 AM
05-30-2024 03:49 AM
05-30-2024 06:14 AM
- What do you mean by '4 categories' ?
M.
05-30-2024 11:03 AM
05-31-2024 12:08 AM
- Try to make a packet capure (using tcpdump , or other tool) ; to examine what is send to the radius server and check if that corresponds with the real credentials entered , (radius is not encrypted)
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide