
LEAP / RADIUS (SBR) / Windows Domain Groups

herbertpires
Level 1

I am trying to authenticate users in a Steel-Belted-Radius (Funk Software) using LEAP and I am having problems when a specific user belongs to more than one Windows domain group.

I configured the three groups in SBR and set the PrequalifyChecklist to YES but the SBR couldn't identify the correct group, even using the checklist attribute (NAS-IP-ADDRESS).

Can anyone help me with this problem?

Thanks.


melisei
Level 1

Here is part of a doc regarding the SBR config. I hope it helps.

ME

SBR Setup

To enable wireless user authentication from the Native database:

SBR V3.0x

1) Edit EAP.INI

2) Uncomment the Native-User section:

[Native-User]

EAP-Prefetch = 1

EAP-Type = LEAP

3) Restart the Radius Service

4) Add your wireless users or groups to the Users dialog.

SBR V4.0x

1) Edit EAP.INI

2) Uncomment the Native-User section:

[Native-User]

;EAP-Only = 0

;First-Handle-Via-Auto-EAP = 0

;EAP-Type = LEAP

3) Restart the Radius Service

4) Add your wireless users or groups to the Users dialog.

To enable wireless user authentication from a Windows Domain or Active Directory:

SBR V3.0x

1) Edit WINAUTH.AUT

2) Set Enable = 1

3) Uncomment the EAP entries in the [Bootstrap] section

[Bootstrap]

EAP-Prefetch = 0

EAP-Type = LEAP

4) Restart the Radius Service

5) On the Configuration dialog, enable "Windows Domain User" or "Windows Domain Group"

6) Add your wireless users or groups to the Users dialog.

SBR V4.0x

1) Edit EAP.INI

2) Uncomment the WINAUTH section:

[WINAUTH]

;EAP-Only = 0

;EAP-Type = LEAP

;First-Handle-Via-Auto-EAP = 1

4) Restart the Radius Service

5) On the Configuration dialog, enable "Windows Domain User" or "Windows Domain Group"

6) Add your wireless users or groups to the Users dialog.
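A quick way to confirm that the "uncomment" step in the V4.0x procedure above actually took effect, as an added example that is not part of the original post or of the SBR documentation: it reports which EAP.INI settings are active and which are still commented out. It assumes `;` is the comment marker, as in the quoted sections; the sample file contents are constructed from those sections and the function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
SETTING_RE = re.compile(r"^(?P<key>[A-Za-z0-9-]+)\s*=\s*(?P<value>.*)$")

# Constructed sample: the V4.0x sections as quoted above, before editing.
SAMPLE_BEFORE = """\
[Native-User]
;EAP-Only = 0
;First-Handle-Via-Auto-EAP = 0
;EAP-Type = LEAP

[WINAUTH]
;EAP-Only = 0
;EAP-Type = LEAP
;First-Handle-Via-Auto-EAP = 1
"""

# Constructed sample: the same file with only the [WINAUTH] keys uncommented.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    ";EAP-Only = 0\n;EAP-Type = LEAP\n;First-Handle-Via-Auto-EAP = 1",
    "EAP-Only = 0\nEAP-Type = LEAP\nFirst-Handle-Via-Auto-EAP = 1",
)

def audit_eap_ini(text):
    """Return {section: {"active": {key: value}, "commented": {key: value}}}."""
    report, current, live = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        commented = line.startswith(";")
        body = line.lstrip(";").strip()
        m = SECTION_RE.match(body)
        if m:
            current = report.setdefault(m["name"], {"active": {}, "commented": {}})
            live = not commented  # a commented-out header disables its keys
            continue
        m = SETTING_RE.match(body)
        if m and current is not None:
            bucket = "commented" if commented or not live else "active"
            current[bucket][m["key"]] = m["value"].strip()
    return report

def leap_enabled(text, section):
    """True only if EAP-Type = LEAP is uncommented in the given section."""
    entry = audit_eap_ini(text).get(section)
    return bool(entry) and entry["active"].get("EAP-Type", "").upper() == "LEAP"
```

Run `leap_enabled(open("EAP.INI").read(), "WINAUTH")` against the real file after editing and before restarting the service.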

Thanks Melisei. I have already done this configuration in SBR.

I forgot to say in my first post that I can authenticate a user when the request comes from a VPN switch (Contivity - Nortel). The problem occurs when I try to authenticate a user using a Cisco access point (AP 1100). Maybe I am not configuring the access point correctly. This is the configuration of the AP that I am using:

aaa group server radius rad_eap

server 10.0.0.5 auth-port 1645 acct-port 1646

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

radius-server host 10.0.0.5 auth-port 1645 acct-port 1646 key 7 034F0D0A0X2C4X5C5X99

radius-server attribute 32 include-in-access-req format %d

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

Thank you for your attention.
