04-05-2017 01:29 PM
Hi all,
I want to know if someone has a document for configuring the Windows 2k8 RADIUS service with Brocade switches (firmware version 8).
I tried different documents but none of them worked.
Can I have a domain user authenticate with his credentials on a switch?
Maybe I am wrong in what I am trying to do.
Sorry for my bad English, and thanks
Nicolas
04-06-2017 12:56 AM
Hi Nicolas,
There is a previous thread that should help
https://community.brocade.com/t5/Ethernet-Switches-Routers/FWS-2k8-NPS-RADIUS/m-p/27299#M1874
Hopefully this should provide some assistance
Regards
Mick
04-07-2017 11:43 AM
Hi Mick, and thanks for the link.
Maybe it can help, because I tried the config but it doesn't work; the switch says "wrong user or password".
Here is my config:
Switch:
aaa authentication enable default radius
aaa authentication login default radius
aaa authorization exec default radius
ip address 172.20.2.208 255.255.0.0
ip dns server-address 172.20.1.203
no ip dhcp-client enable
!
radius-server host 172.20.4.230
radius-server key 2 $UyFnQHNVIVpRM1k=
!
Windows 2k8 RADIUS server (172.20.4.230): I attach the capture
Again, sorry, but I am new to configuring another authentication mode
04-07-2017 12:51 PM
04-10-2017 01:00 AM
Hi,
Have you got the vendor-specific attribute configured as described in the document, and have you also looked at the RADIUS section of the Configuration Guide here?
Regards
Mick
04-10-2017 06:21 AM
Hi Mike, thanks for replying again.
From what I understand in the manual, it refers to the Brocade ID, right? I already had it configured. I attached a screenshot to see if we are talking about the same thing.
Again, thank you very much
04-10-2017 06:55 AM
Hi,
I have not configured this myself on W2K8, but once you have the Vendor-ID 1991 configured, you need to specify the attributes that you wish the RADIUS server to return.
Attribute ID 1 (foundry-privilege-level) with a value set to one of the following values, depending on what's required:
0 - Super User level
4 - Port Configuration level
5 - Read Only level
This attribute will then be returned with the Access-Accept packet sent by the RADIUS server when the user logs in with a valid username/password.
I am now looking again at your capture and I see that when the user logs in, the RADIUS server is sending an Access-Reject, which would seem to indicate that the username/password was not accepted. You will need to work out why this is happening; you must get an Access-Accept before any other attributes can be passed on by RADIUS.
I would suggest configuring a simple username/password combination for testing.
The entire setup process is well documented here and the Authentication process here
Hope this helps
Regards
Mick
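As an added example (not part of the thread and not Brocade's code), this Python sketch decodes a RADIUS reply and reports whether it is an Access-Accept or Access-Reject and whether it carries the Vendor-ID 1991 attribute ID 1 described above. The packet layout follows RFC 2865; the 4-byte integer encoding of foundry-privilege-level and the sample packets are assumptions constructed for illustration.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
VENDOR_SPECIFIC = 26        # RFC 2865 Vendor-Specific attribute type
FOUNDRY_VENDOR_ID = 1991    # Vendor-ID given in the thread
PRIVILEGE_LEVEL = 1         # foundry-privilege-level, vendor attribute ID 1
LEVELS = {0: "Super User", 4: "Port Configuration", 5: "Read Only"}

def walk_tlvs(buf):
    """Yield (type, value) for each type/length/value triple in buf."""
    pos = 0
    while pos + 2 <= len(buf):
        t, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield t, buf[pos + 2:pos + length]
        pos += length

def parse_reply(packet):
    """Return (code name, foundry-privilege-level or None)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    level = None
    for a_type, value in walk_tlvs(packet[20:length]):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != FOUNDRY_VENDOR_ID:
            continue
        for s_type, s_val in walk_tlvs(value[4:]):
            if s_type == PRIVILEGE_LEVEL and len(s_val) == 4:
                level = struct.unpack("!I", s_val)[0]
    return CODES.get(code, "code %d" % code), level

def diagnose(packet):
    code, level = parse_reply(packet)
    if code == "Access-Reject":
        return "Access-Reject: username/password not accepted"
    if code != "Access-Accept":
        return code + ": not a login result"
    if level is None:
        return "Access-Accept without foundry-privilege-level"
    return "Access-Accept, privilege %d (%s)" % (level, LEVELS.get(level, "unlisted"))

def sample(code, attrs=b""):
    # Constructed sample packet: identifier 1, zeroed authenticator.
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

FOUNDRY_VSA = struct.pack("!BBIBBI", 26, 12, 1991, 1, 6, 0)  # constructed, level 0
```

Feed `diagnose()` the UDP payload of the server's reply exported from a capture; an Access-Reject means the credential check has to be fixed before the privilege attribute matters.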
04-10-2017 01:13 PM
04-11-2017 01:02 AM
Hi,
Yes, agreed, the configuration you have on the switch looks fine.
Just noticed you are using CHAP. Have you tried setting up using PAP (unencrypted) rather than CHAP?
Regards
Mick
04-11-2017 05:43 AM
Hi Mick and thanks again for your help.
I set up PAP on the RADIUS server (I attach a capture) and it doesn't work =( . I also attach a screenshot from Wireshark with PAP.
I really don't know what to do with this because I don't see anything about this on the internet :s
Thanks
Nicolas