Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Windows 2008 NPS Radius and AAA

I am trying to get Windows NPS Radius to authenticate users into switches and routers. I have followed a very thorough document that I found online. However, I am not having success getting authentication to work. Has anyone had any success with integrating this before?

17 REPLIES

Re: Windows 2008 NPS Radius and AAA

I have and I made a recording of it. You can find it here-

https://packetpros.com/cisco_kb/RADIUS_2008.html

Hope it helps.

New Member

Re: Windows 2008 NPS Radius and AAA

The video example sets up the windows side ok but there is nothing about the cisco side.

Something like:

aaa new-model

aaa group server radius authservlist

server 10.1.1.1

aaa authentication login authlist local group authservlist

radius-server host 10.1.1.1 key someverylongpassword

line con 0

login authentication authlist

line vty 0 4

login authentication authlist

I think that's all you would need for the cisco side

Re: Windows 2008 NPS Radius and AAA

Bingoo!

Thanks for sharing it Collin

New Member

Re: Windows 2008 NPS Radius and AAA

HUGE help, thank you very much. I have it working now.

Re: Windows 2008 NPS Radius and AAA

It's was a real pain to set up, took me about 1/2 a day to figure it out. Glad it helped.

New Member

Re: Windows 2008 NPS Radius and AAA

I may have spoken a little too soon. I had no problems with 3560, 3750 series devices. I am currntly having problems with 2950 and 2960 devices. When I do a 'debug radius' I get errors:

RADIUS: Cisco AVPair "shell:priv-lvl=15"

RADIUS: unrecognized Vendor code 311

RADIUS: unrecognized Vendor code 311

RADIUS: no appropriate authorization type for user.exit

Re: Windows 2008 NPS Radius and AAA

Can you post your AAA config from a 2950 or 2960?

New Member

Re: Windows 2008 NPS Radius and AAA

Posting 2960 config with debug information at bottom.

New Member

Re: Windows 2008 NPS Radius and AAA

HUGE help, thank you very much. I have it working now.

New Member

Re: Windows 2008 NPS Radius and AAA

Hello there,

The link is not available anymore, could I find it anywhere?

Thanks,

Victor

New Member

Windows 2008 NPS Radius and AAA

Hi.

I have exactly the same problem with 2950 and radius authentication

RADIUS:  unrecognized Vendor code 311

RADIUS:  unrecognized Vendor code 311

RADIUS:  no appropriate authorization type for user.exit

Can anyone help with this problem?

Silver

Windows 2008 NPS Radius and AAA

Hey

can you check if you have done the following config

1.push the service type = login

2.Set the Attribute Format to "String"

Type "shell:priv-lvl=15" in the Attribute Value field

Let me know if it helped.

New Member

Windows 2008 NPS Radius and AAA

Thanks for the help!

shell:priv-lvl=15 was already there but it only grants privelege mode.

Service-Type = Login  setting worked like a charm.

Silver

Windows 2008 NPS Radius and AAA

Did you mean service type: login helped?

Silver

Windows 2008 NPS Radius and AAA

in case the above mentioned suggestion helped. Kindly mark this as resolved so that other can get benefit out of it.

New Member

Windows 2008 NPS Radius and AAA

Yes, service type: login  setting helped.

I'm not sure I can mark this topic as resolved since this topic was not originally created by me.

New Member

Windows 2008 NPS Radius and AAA

Hi I have the same problem but the settings are the same but in my case it does  not work ...

I pass my log, and I can not check that but any help would be great  thanks!

3d06h: RADIUS: Pick NAS IP for u=0x1A5FC30 tableid=0 cfg_addr=10.1.37.206

3d06h: RADIUS: ustruct sharecount=1

3d06h: Radius: radius_port_info() success=1 radius_nas_port=1

3d06h: RADIUS(00000000): Send Access-Request to 10.1.1.226:1812 id 1645/23, len 87

3d06h: RADIUS:  authenticator 27 D9 BE 53 AE DB 47 C5 - 97 A3 47 4C 7F F8 71 56

3d06h: RADIUS:  NAS-IP-Address      [4]   6   10.1.37.206

3d06h: RADIUS:  NAS-Port            [5]   6   2

3d06h: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]

3d06h: RADIUS:  User-Name           [1]   19  "gustavo.caballero"

3d06h: RADIUS:  Calling-Station-Id  [31]  12  "10.1.1.118"

3d06h: RADIUS:  User-Password       [2]   18  *

3d06h: RADIUS: Received from id 1645/23 10.1.1.226:1812, Access-Accept, len 127

3d06h: RADIUS:  authenticator A7 24 23 81 18 37 65 76 - 98 FB 84 4E A8 A5 F9 FA

3d06h: RADIUS:  Idle-Timeout        [28]  6   600

3d06h: RADIUS:  Service-Type        [6]   6   Login                     [1]

3d06h: RADIUS:  Class               [25]  46

3d06h: RADIUS:   A7 88 0A 0E 00 00 01 37 00 01 02 00 0A 01 01 E2  [???????7????????]

3d06h: RADIUS:   00 00 00 00 21 7A 1C 00 F4 F8 D2 C4 01 CD D8 77  [????!z?????????w]

3d06h: RADIUS:   15 59 F6 92 00 00 00 00 00 00 00 98              [?Y??????????]

3d06h: RADIUS:  Vendor, Cisco       [26]  25

3d06h: RADIUS:   Cisco AVpair       [1]   19  "Shell:priv-lvl=15"

3d06h: RADIUS:  Vendor, Microsoft   [26]  12

3d06h: RADIUS:   MS-Link-Util-Thresh[14]  6

3d06h: RADIUS:   00 00 00 32                                      [???2]

3d06h: RADIUS:  Vendor, Microsoft   [26]  12

3d06h: RADIUS:   MS-Link-Drop-Time-L[15]  6

3d06h: RADIUS:   00 00 00 78                                      [???x]

3d06h: RADIUS: saved authorization data for user 1A5FC30 at 1A4F4B8

3d06h: RADIUS: cisco AVPair "Shell:priv-lvl=15" not applied for shell

3d06h: RADIUS: unrecognized Vendor code 311

3d06h: RADIUS: unrecognized Vendor code 311

11323
Views
5
Helpful
17
Replies