Ethernet Switches & Routers

Contributor
Posts: 21
Registered: ‎02-01-2013
Accepted Solution

Radius W2k8 + ICX6450 Config

Hi all,

I want to know if someone has a document for configuring the Windows 2k8 RADIUS service with Brocade switches (firmware version 8).

I tried with different documents but none of them worked.

Can a domain user authenticate with his credentials on a switch?

Maybe I am wrong in what I am trying to do.

Sorry for my bad English, and thanks.

Nicolas

Brocade Moderator
Posts: 226
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

Hi Nicolas,

 

There is a previous thread that should help

 

https://community.brocade.com/t5/Ethernet-Switches-Routers/FWS-2k8-NPS-RADIUS/m-p/27299#M1874

 

Hopefully this should provide some assistance

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
Contributor
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config



Hi Mick, and thanks for the link.

Maybe it can help, because I tried the config but it doesn't work: the switch says "wrong user or password".

Here is my config:

Switch:

aaa authentication enable default radius
aaa authentication login default radius
aaa authorization exec default radius
ip address 172.20.2.208 255.255.0.0
ip dns server-address 172.20.1.203
no ip dhcp-client enable
!
radius-server host 172.20.4.230
radius-server key 2 $UyFnQHNVIVpRM1k=
!


Windows 2k8 RADIUS server (172.20.4.230): I attach the capture.

Again, sorry, but I am new to configuring another authentication mode.

Contributor
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

I attach the traffic capture from Wireshark.

Brocade Moderator
Posts: 226
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

Hi,

 

Have you got the vendor-specific attribute configured as described in the document, and have you also looked at the RADIUS section of the Configuration Guide here?

 

Regards

Mick


Contributor
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

Hi Mike, thanks for replying again.

From what I understand in the manual, it refers to the Brocade ID, right? I already had it configured. I attached a screenshot to see if we are talking about the same thing.

Again, thank you very much.

Brocade Moderator
Posts: 226
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

Hi,

 

I have not configured this myself on W2K8 but, once you have the Vendor-ID 1991 configured, you then need to specify the attributes that you wish the RADIUS server to return.

Attribute ID 1 (foundry-privilege-level) with a value set to one of the following values, depending on what's required:

0 - Super User level
4 - Port Configuration level
5 - Read Only level

This attribute will then be returned with the Access-Accept packet sent by the RADIUS server when the user logs in with a valid username/password.

I am now looking again at your capture and I see that when the user logs in the RADIUS server is sending an Access-Reject, which would seem to indicate that the username/password was not accepted. You will need to work out why this is happening; you must get an Access-Accept before any other attributes can be passed on by RADIUS.

I would suggest configuring a simple username/password combination for testing.

The entire setup process is well documented here and the Authentication process here

 

Hope this helps

 

Regards

Mick
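
Added example (not part of the thread or of Brocade's documentation): a small Python parser that reads a RADIUS reply the way the switch has to, reporting whether it is an Access-Accept or Access-Reject and, for Vendor-ID 1991, decoding vendor attribute 1 (foundry-privilege-level). The function names, the constructed sample packets and the 4-byte integer encoding of the attribute value are assumptions of this example.

```python
import struct

FOUNDRY_VENDOR_ID = 1991      # Vendor-ID named in the thread
PRIVILEGE_ATTR = 1            # vendor attribute ID 1 (foundry-privilege-level)
PRIVILEGE_NAMES = {0: "Super User", 4: "Port Configuration", 5: "Read Only"}
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
VENDOR_SPECIFIC = 26          # RFC 2865 attribute type that wraps vendor attributes


def iter_tlv(buf):
    """Yield (type, value) records; each length byte covers its 2-byte header."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]


def inspect_reply(packet):
    """Return (code name, privilege level name or None) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    privilege = None
    for a_type, value in iter_tlv(packet[20:length]):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if int.from_bytes(value[:4], "big") != FOUNDRY_VENDOR_ID:
            continue
        for v_type, v_val in iter_tlv(value[4:]):
            if v_type == PRIVILEGE_ATTR and len(v_val) == 4:  # assumed 4-byte integer
                level = int.from_bytes(v_val, "big")
                privilege = PRIVILEGE_NAMES.get(level, "unlisted value")
    return CODES.get(code, "code %d" % code), privilege


def build_reply(code, attrs=b""):
    """Constructed sample packet with a zeroed authenticator (not a real capture)."""
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs


# Constructed samples: Access-Accept carrying privilege level 0, and a bare Access-Reject.
VSA_LEVEL_0 = bytes([26, 12]) + (1991).to_bytes(4, "big") + bytes([1, 6]) + bytes(4)
ACCEPT = build_reply(2, VSA_LEVEL_0)
REJECT = build_reply(3)
if __name__ == "__main__":
    print(inspect_reply(ACCEPT), inspect_reply(REJECT))
```

A reply that decodes to ("Access-Reject", None) means the credentials failed at the server before any privilege attribute could be returned, so the vendor attribute settings are not yet the thing to debug.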


Contributor
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

Hi Mike, I read the documentation that you gave me and compared it with my configuration, and everything would be fine (on the switch).

I think, because of the error message I see in Wireshark, that the problem comes from something badly configured on the RADIUS server in Windows.

If my domain is CABA (the user group allowed in RADIUS is "CABA \ technology"), when I have to log in to the switch, would it be the user alone?
or "CABA \ username"
or "user"
or "user@caba.com"?
Because it is strange that the message is "bad user or password".

Thanks again
Brocade Moderator
Posts: 226
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

Hi,

 

Yes, agreed, the configuration you have on the switch looks fine.

Just noticed you are using CHAP; have you tried setting up using PAP (unencrypted) rather than CHAP?

 

Regards

Mick


Contributor
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

Hi Mick, and thanks again for your help.

I set up PAP on the RADIUS server (I attach a capture) and it doesn't work =( . I also attach a screenshot from Wireshark with PAP.

I really don't know what to do with this because I don't see anything about this on the internet :s

Thanks

Nicolas

 
