Windows 2008 NPS Radius and AAA

Unanswered Question
Jul 8th, 2009

I am trying to get Windows NPS Radius to authenticate users into switches and routers. I have followed a very thorough document that I found online. However, I am not having success getting authentication to work. Has anyone had any success with integrating this before?

greg.washburn Wed, 07/08/2009 - 10:44

The video example sets up the Windows side OK, but there is nothing about the Cisco side.

Something like:

aaa new-model
aaa group server radius authservlist
 server 10.1.1.1
aaa authentication login authlist local group authservlist
radius-server host 10.1.1.1 key someverylongpassword
line con 0
 login authentication authlist
line vty 0 4
 login authentication authlist

I think that's all you would need for the Cisco side.

Collin_Clark Thu, 07/09/2009 - 05:48

It was a real pain to set up; it took me about 1/2 a day to figure it out. Glad it helped.

adamm2008 Fri, 07/10/2009 - 05:57

I may have spoken a little too soon. I had no problems with 3560, 3750 series devices. I am currently having problems with 2950 and 2960 devices. When I do a 'debug radius' I get errors:

RADIUS: Cisco AVPair "shell:priv-lvl=15"
RADIUS: unrecognized Vendor code 311
RADIUS: unrecognized Vendor code 311
RADIUS: no appropriate authorization type for user.exit

spidermanchar Mon, 09/20/2010 - 19:47

Hello there,

The link is not available anymore. Could I find it anywhere?

Thanks,

Victor

Duke_RLA@hotmail.com Tue, 03/20/2012 - 04:59

Hi.

I have exactly the same problem with 2950 and RADIUS authentication:

RADIUS:  unrecognized Vendor code 311
RADIUS:  unrecognized Vendor code 311
RADIUS:  no appropriate authorization type for user.exit

Can anyone help with this problem?

minkumar Tue, 03/20/2012 - 06:26

Hey,

Can you check if you have done the following config:

1. Push the service type = login

2. Set the Attribute Format to "String"
   Type "shell:priv-lvl=15" in the Attribute Value field

Let me know if it helped.

Duke_RLA@hotmail.com Tue, 03/20/2012 - 07:46

Thanks for the help!

shell:priv-lvl=15 was already there, but it only grants privilege mode.

Service-Type = Login setting worked like a charm.

minkumar Tue, 03/20/2012 - 11:51

In case the above-mentioned suggestion helped, kindly mark this as resolved so that others can benefit from it.

Duke_RLA@hotmail.com Wed, 03/21/2012 - 03:59

Yes, service type: login setting helped.

I'm not sure I can mark this topic as resolved since this topic was not originally created by me.

gustavocaballero Sat, 12/29/2012 - 13:01
Hi, I have the same problem. The settings are the same, but in my case it does not work...

I am passing along my log. I cannot check that, but any help would be great. Thanks!

3d06h: RADIUS: Pick NAS IP for u=0x1A5FC30 tableid=0 cfg_addr=10.1.37.206
3d06h: RADIUS: ustruct sharecount=1
3d06h: Radius: radius_port_info() success=1 radius_nas_port=1
3d06h: RADIUS(00000000): Send Access-Request to 10.1.1.226:1812 id 1645/23, len 87
3d06h: RADIUS:  authenticator 27 D9 BE 53 AE DB 47 C5 - 97 A3 47 4C 7F F8 71 56
3d06h: RADIUS:  NAS-IP-Address      [4]   6   10.1.37.206
3d06h: RADIUS:  NAS-Port            [5]   6   2
3d06h: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
3d06h: RADIUS:  User-Name           [1]   19  "gustavo.caballero"
3d06h: RADIUS:  Calling-Station-Id  [31]  12  "10.1.1.118"
3d06h: RADIUS:  User-Password       [2]   18  *
3d06h: RADIUS: Received from id 1645/23 10.1.1.226:1812, Access-Accept, len 127
3d06h: RADIUS:  authenticator A7 24 23 81 18 37 65 76 - 98 FB 84 4E A8 A5 F9 FA
3d06h: RADIUS:  Idle-Timeout        [28]  6   600
3d06h: RADIUS:  Service-Type        [6]   6   Login                     [1]
3d06h: RADIUS:  Class               [25]  46
3d06h: RADIUS:   A7 88 0A 0E 00 00 01 37 00 01 02 00 0A 01 01 E2  [???????7????????]
3d06h: RADIUS:   00 00 00 00 21 7A 1C 00 F4 F8 D2 C4 01 CD D8 77  [????!z?????????w]
3d06h: RADIUS:   15 59 F6 92 00 00 00 00 00 00 00 98              [?Y??????????]
3d06h: RADIUS:  Vendor, Cisco       [26]  25
3d06h: RADIUS:   Cisco AVpair       [1]   19  "Shell:priv-lvl=15"
3d06h: RADIUS:  Vendor, Microsoft   [26]  12
3d06h: RADIUS:   MS-Link-Util-Thresh[14]  6
3d06h: RADIUS:   00 00 00 32                                      [???2]
3d06h: RADIUS:  Vendor, Microsoft   [26]  12
3d06h: RADIUS:   MS-Link-Drop-Time-L[15]  6
3d06h: RADIUS:   00 00 00 78                                      [???x]
3d06h: RADIUS: saved authorization data for user 1A5FC30 at 1A4F4B8
3d06h: RADIUS: cisco AVPair "Shell:priv-lvl=15" not applied for shell
3d06h: RADIUS: unrecognized Vendor code 311
3d06h: RADIUS: unrecognized Vendor code 311
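
An added example, not written by any poster in this thread and not Cisco or Microsoft code: an RFC 2865 attribute decoder run over a constructed Access-Accept that mirrors the attributes in the debug output above (Class omitted), reporting the Service-Type, the Cisco AV pairs, and any other vendor IDs such as the 311 (Microsoft) that the debug calls unrecognized. The packet bytes, the function names, and the comparison of each AV pair against the lowercase spelling quoted earlier in the thread are assumptions of the example; the thread does not establish which deviation causes the failure.

```python
import struct
CISCO, MICROSOFT = 9, 311               # IANA enterprise numbers
EXPECTED_AVPAIR = "shell:priv-lvl=15"   # spelling quoted earlier in the thread

def attr(t, value):   # type, length (including the 2-byte header), value
    return bytes([t, len(value) + 2]) + value

def vsa(vendor, vtype, value):   # Vendor-Specific (26) with one sub-attribute
    return attr(26, struct.pack("!I", vendor) + attr(vtype, value))

def build_sample_accept():
    """Constructed sample: code 2 (Access-Accept), id 23, zeroed authenticator."""
    body = (attr(28, struct.pack("!I", 600))              # Idle-Timeout
            + attr(6, struct.pack("!I", 1))               # Service-Type = Login
            + vsa(CISCO, 1, b"Shell:priv-lvl=15")         # Cisco AVpair
            + vsa(MICROSOFT, 14, struct.pack("!I", 0x32))
            + vsa(MICROSOFT, 15, struct.pack("!I", 0x78)))
    return struct.pack("!BBH", 2, 23, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Yield (type, vendor, vendor_type, value); vendor fields are None if not a VSA."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field does not match packet size")
    pos = 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute at offset %d" % pos)
        t, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if t == 26 and len(value) >= 6:
            yield t, struct.unpack("!I", value[:4])[0], value[4], value[6:4 + value[5]]
        else:
            yield t, None, None, value

def review_accept(packet):
    """Report what the reply offers a Cisco login session and what deviates."""
    rep = {"service_type": None, "avpairs": [], "other_vendors": set(), "notes": []}
    for t, vendor, vtype, value in parse_attributes(packet):
        if t == 6 and len(value) == 4:
            rep["service_type"] = struct.unpack("!I", value)[0]
        elif vendor == CISCO and vtype == 1:
            rep["avpairs"].append(value.decode("ascii", "replace"))
        elif vendor is not None:
            rep["other_vendors"].add(vendor)
    if rep["service_type"] != 1:
        rep["notes"].append("Service-Type is not Login (1)")
    rep["notes"] += ["AV pair %r is not %r" % (a, EXPECTED_AVPAIR)
                     for a in rep["avpairs"] if a != EXPECTED_AVPAIR]
    return rep
```

Calling `review_accept(build_sample_accept())` returns the decoded summary; the attribute lengths the encoder produces (25 for the Cisco VSA, 12 for each Microsoft VSA) match the lengths printed in the debug.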

Posted July 8, 2009 at 10:08 AM