I am trying to RADIUS authenticate on my HP ProCurve 2910al W14.38 with both console and SSH.
My show authentication
shows the following:
Access Task | Login Primary Login Secondary Enable Primary Enable Secondary
----------------------------------------------------------------------------
Console | Radius Local Radius Local
SSH | Radius Local Radius Local
On my two DCs that are running NPS on the RADIUS Clients I have the 2 switches set and a secret key is set. The switches are communication with the RADIUS server. If it wasn't it would give me an error stating "Can't Reach RADIUS server".
When I try to SSH to my switches with my username and password for the domain it says access denied and closes the connection.
I can only login with admin account.
I can ping both RADIUS servers from the switch.
Switch Authentication Configuration:
aaa authentication login privilege- mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
radius-server host 192.168.4.100 key "XXXXX"
radius-server host 192.168.4.101 key "XXXXX"
Looks like the secret key is not the issue. There is something preventing my credentials from passing with the network policy. This is a default policy with the following settings:
Access Permissions - Grant Access
Authentication Method - Unencrypted authentication (PAP, SPAP) OR MS-CHAP v1 or MS-CHAP v1 (Users can change password after it has expired) OR MS-CHAP v2 (User can change password after it has expired).
NAP Enforcement - Allow full network access
Update Noncompliant Clients - True
Framed-Protocol - PPP
Service-Type - Administrative
Condition: User Group - <usergroup>
Condition: Client Friendly Name - Switch HostName
Not sure what is blocking the authentication.