Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3606
Views
0
Helpful
3
Replies

WLC Management access using Windows NPS

Go to solution
inlandprinting
Level 1
Level 1

‎06-27-2019 08:13 AM - edited ‎07-05-2021 10:36 AM

TO BE CLEAR: I am attempting to setup my WLC to authenticate management users via my RADIUS server which runs on windows server 2012 R2 NPS.

 

This topic seems like it should be so simple.  tick the option in the RADIUS configuration to allow management login, switch the login priority order and away you go.  That is where the happy stops for me.  I do both of these things, I look at my NPS server which says it permitted full control  based on the NPS logs, but then the WLC interface just kicks me back another login box.

 

I know NPS is working as I use it for authentication to my other infrastructure gear, wireless authentication via Certificates, VPN access etc.  Anyone have any idea what secret undocumented solution for WLC i'm missing.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
craig.beck
Level 1
Level 1

‎06-27-2019 08:24 AM

You need to allow PAP as the authentication method in the NPS network policy and set the Service-Type attribute to "Administrative".

View solution in original post

0 Helpful
3 Replies 3

Go to solution
craig.beck
Level 1
Level 1

‎06-27-2019 08:24 AM

You need to allow PAP as the authentication method in the NPS network policy and set the Service-Type attribute to "Administrative".

0 Helpful

Go to solution
Mikey Boy
Level 1
Level 1

‎06-27-2019 08:59 AM - edited ‎06-27-2019 09:08 AM

As previously stated the radius attribute must be set to service type Administrative.

 

Are you definitely hitting the policy you expect if the service type is set?

 

Regards

0 Helpful

Go to solution
inlandprinting
Level 1
Level 1
In response to Mikey Boy

‎06-27-2019 09:33 AM

Interesting.  I had it hitting the same policy I've got for all my other infrastructure devices.  duplicated that policy and changed the attribute from login to administrative and that worked.

 

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card