06-27-2019 08:13 AM - edited 07-05-2021 10:36 AM
TO BE CLEAR: I am attempting to setup my WLC to authenticate management users via my RADIUS server which runs on windows server 2012 R2 NPS.
This topic seems like it should be so simple. tick the option in the RADIUS configuration to allow management login, switch the login priority order and away you go. That is where the happy stops for me. I do both of these things, I look at my NPS server which says it permitted full control based on the NPS logs, but then the WLC interface just kicks me back another login box.
I know NPS is working as I use it for authentication to my other infrastructure gear, wireless authentication via Certificates, VPN access etc. Anyone have any idea what secret undocumented solution for WLC i'm missing.
Solved! Go to Solution.
06-27-2019 08:24 AM
You need to allow PAP as the authentication method in the NPS network policy and set the Service-Type attribute to "Administrative".
06-27-2019 08:24 AM
You need to allow PAP as the authentication method in the NPS network policy and set the Service-Type attribute to "Administrative".
06-27-2019 08:59 AM - edited 06-27-2019 09:08 AM
As previously stated the radius attribute must be set to service type Administrative.
Are you definitely hitting the policy you expect if the service type is set?
Regards
06-27-2019 09:33 AM
Interesting. I had it hitting the same policy I've got for all my other infrastructure devices. duplicated that policy and changed the attribute from login to administrative and that worked.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide