
Router Login With NPS Radius Problem

Hi!

I would like to use Microsoft Network Policy Server 2008 as a RADIUS server for my routers, and so control logins using Active Directory groups.

I think I did it all correctly, but I get an authentication failure.

I should add that I have tested it with both domain groups and local groups.

Router Interface : Fa 0/1 : 192.168.10.254

NPS : 192.168.10.11

Router Config :

aaa new-model
!
!
aaa authentication login Ganji group radius local
aaa authorization exec Ganji group radius local  
!

!
radius-server host 192.168.10.11 auth-port 1812 acct-port 1813 key 123456
!

line vty 0 4
 exec-timeout 15 0
 authorization exec Ganji
 logging synchronous
 login authentication Ganji
 transport input all
!

NPS Config :

http://www.webbosworld.co.uk/blog/?p=191

Router Log :

*Oct 24 11:43:08.579: RADIUS/ENCODE(00000014): ask "Password: "
*Oct 24 11:43:08.579: RADIUS/ENCODE(00000014): send packet; GET_PASSWORD
R1#
*Oct 24 11:43:13.891: RADIUS/ENCODE(00000014):Orig. component type = Exec
*Oct 24 11:43:13.899: RADIUS:  AAA Unsupported Attr: interface         [204] 4  
*Oct 24 11:43:13.899: RADIUS:   74 74                [ tt]
*Oct 24 11:43:13.903: RADIUS(00000014): Config NAS IP: 192.168.10.254
*Oct 24 11:43:13.907: RADIUS/ENCODE(00000014): acct_session_id: 10
*Oct 24 11:43:13.907: RADIUS(00000014): sending
*Oct 24 11:43:13.923: RADIUS(00000014): Send Access-Request to 192.168.10.11:1812 id 1645/12, len 73
*Oct 24 11:43:13.923: RADIUS:  authenticator AB 7D 7F 2C 5F 53 4E 56 - 87 25 94 F0 88 EA 5E A0
*Oct 24 11:43:13.923: RADIUS:  User-Name           [1]   5   "noc"
*Oct 24 11:43:13.923: RADIUS:  User-Password       [2]   18  *
*Oct 24 11:43:13.923: RADIUS:  NAS-Port            [5]   6   2                  
*Oct 24 11:43:13.923: RADIUS:  NAS-Port-Id         [87]  6   "tty2"
*Oct 24 11:43:13.923: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
*Oct 24 11:
R1#43:13.923: RADIUS:  Service-Type        [6]   6   Login                     [1]
*Oct 24 11:43:13.923: RADIUS:  NAS-IP-Address      [4]   6   192.168.10.254     
*Oct 24 11:43:13.927: RADIUS(00000014): Started 5 sec timeout
*Oct 24 11:43:13.943: RADIUS: Received from id 1645/12 192.168.10.11:1812, Access-Reject, len 20
*Oct 24 11:43:13.947: RADIUS:  authenticator BB A6 60 D5 8C E7 4D 87 - B5 00 1A 76 87 E3 0E 94
*Oct 24 11:43:13.963: RADIUS(00000014): Received from id 1645/12
R1#
*Oct 24 11:43:17.983: AAA/AUTHEN/LOGIN (00000014): Pick method list 'Ganji'
*Oct 24 11:43:17.991: RADIUS/ENCODE(00000014): ask "Username: "
*Oct 24 11:43:17.991: RADIUS/ENCODE(00000014): send packet; GET_USER
R1#

NPS Log :

*Oct 24 11:43:08.579: RADIUS/ENCODE(00000014): ask "Password: "
*Oct 24 11:43:08.579: RADIUS/ENCODE(00000014): send packet; GET_PASSWORD
R1#
*Oct 24 11:43:13.891: RADIUS/ENCODE(00000014):Orig. component type = Exec
*Oct 24 11:43:13.899: RADIUS:  AAA Unsupported Attr: interface         [204] 4  
*Oct 24 11:43:13.899: RADIUS:   74 74                [ tt]
*Oct 24 11:43:13.903: RADIUS(00000014): Config NAS IP: 192.168.10.254
*Oct 24 11:43:13.907: RADIUS/ENCODE(00000014): acct_session_id: 10
*Oct 24 11:43:13.907: RADIUS(00000014): sending
*Oct 24 11:43:13.923: RADIUS(00000014): Send Access-Request to 192.168.10.11:1812 id 1645/12, len 73
*Oct 24 11:43:13.923: RADIUS:  authenticator AB 7D 7F 2C 5F 53 4E 56 - 87 25 94 F0 88 EA 5E A0
*Oct 24 11:43:13.923: RADIUS:  User-Name           [1]   5   "noc"
*Oct 24 11:43:13.923: RADIUS:  User-Password       [2]   18  *
*Oct 24 11:43:13.923: RADIUS:  NAS-Port            [5]   6   2                  
*Oct 24 11:43:13.923: RADIUS:  NAS-Port-Id         [87]  6   "tty2"
*Oct 24 11:43:13.923: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
*Oct 24 11:
R1#43:13.923: RADIUS:  Service-Type        [6]   6   Login                     [1]
*Oct 24 11:43:13.923: RADIUS:  NAS-IP-Address      [4]   6   192.168.10.254     
*Oct 24 11:43:13.927: RADIUS(00000014): Started 5 sec timeout
*Oct 24 11:43:13.943: RADIUS: Received from id 1645/12 192.168.10.11:1812, Access-Reject, len 20
*Oct 24 11:43:13.947: RADIUS:  authenticator BB A6 60 D5 8C E7 4D 87 - B5 00 1A 76 87 E3 0E 94
*Oct 24 11:43:13.963: RADIUS(00000014): Received from id 1645/12
R1#
*Oct 24 11:43:17.983: AAA/AUTHEN/LOGIN (00000014): Pick method list 'Ganji'
*Oct 24 11:43:17.991: RADIUS/ENCODE(00000014): ask "Username: "
*Oct 24 11:43:17.991: RADIUS/ENCODE(00000014): send packet; GET_USER
R1#

1 REPLY

Router Login With NPS Radius Problem

It is solved now.

The problem was the fact that Vendor-Specific and Configure VSA were not set.

More details here:

http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/
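
To make the Vendor-Specific point concrete, here is an added example (not part of the original posts, and not Cisco or Microsoft code) that parses RADIUS replies per RFC 2865 and lists any Cisco AV-pairs they carry. The Access-Reject is rebuilt from the router log above; the Access-Accept, its id and zero authenticator, and the `shell:priv-lvl=15` value are constructed assumptions.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type for vendor-specific attributes
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor type 1 (cisco-avpair)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

def encode_cisco_avpair(value):
    """Wrap a string as attribute 26 / vendor 9 / vendor type 1."""
    data = value.encode()
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID) + sub

def build_packet(code, ident, authenticator, attrs=b""):
    """20-byte RADIUS header (code, id, length, authenticator) plus attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def parse_packet(pkt):
    """Return (code name, [(type, value), ...]); raise on malformed lengths."""
    if len(pkt) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return CODES.get(code, str(code)), attrs

def cisco_avpairs(attrs):
    """Extract cisco-avpair strings from any Vendor-Specific attributes."""
    found = []
    for atype, value in attrs:
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype, vlen) == (CISCO_VENDOR_ID, CISCO_AVPAIR, len(value) - 4):
                found.append(value[6:].decode(errors="replace"))
    return found

# Reply from the router log: Access-Reject, id 12, len 20 (header only).
REJECT = build_packet(3, 12, bytes.fromhex("BBA660D58CE74D87B5001A7687E30E94"))
# Constructed reply: the authenticator and the AV-pair value are assumptions.
ACCEPT = build_packet(2, 13, bytes(16), encode_cisco_avpair("shell:priv-lvl=15"))

if __name__ == "__main__":
    for pkt in (REJECT, ACCEPT):
        name, attrs = parse_packet(pkt)
        print(name, len(pkt), cisco_avpairs(attrs))
```

A reply of exactly 20 bytes, like the Access-Reject in the log, is a bare header with no attributes at all, so the reason for the rejection has to be read from the NPS side rather than from the router debug.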
