18.02.2010 23:03:45
 rabcdabcd Posts: 3
|
I am very new to Radius server related config. I have installed TekRadius on my Windows XP with SP3. I have also configured a Cisco 3750 switch with one port for dot1x authentication. I would like to consider NT authentication. How should I configure the Tek Radius side so that the port I have configured on the Cisco 3750, where the laptop is connected, gets authentication and so on? I am lost. Any help will be very much appreciated.... Thanks in advance. My switch and port config is:
conf t
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 10.10.65.158
radius-server host 10.10.65.158 auth-port 1812 acct-port 1646 key cisco
radius-server key rita
radius-server vsa send authentication
conf t
int gig 0/3
switchport access vlan 65
switchport mode access
dot1x port-control auto
dot1x host-mode single-host
dot1x auth-fail vlan 4
dot1x guest-vlan 7
What should I take care of on the tekradius side so the port on which the laptop is connected gets the authentication with Microsoft AD? Do I need a special setup on the Windows XP laptop for this? As I connected the laptop to the port, the machine stopped communication. I had no way to authenticate to the Radius server from the laptop.
Thanks
|
19.02.2010 16:24:03
 Admin Administrator Posts: 1684
|
Hi,
I assume that you have successfully installed TekRADIUS with SQL server.
Add your switch as a RADIUS client in Clients tab. Create a user profile with at least User-Password attribute (Check) as instructed in TekRADIUS manual.
You cannot use AD integration with 802.1X authentication in TekRADIUS since 802.1X authentication methods do not use PAP authentication. TekRADIUS needs to receive clear text user-password in order to query AD for the login request.
Best regards,
Yasin KAPLAN
|
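The point in the reply above, as an added example that is not part of the original posts and not TekRADIUS code: with PAP the NAS sends a User-Password value that the server can turn back into clear text using the shared secret (RFC 2865 section 5.2), while challenge-response methods such as CHAP or EAP-MD5 deliver only a one-way digest, so there is no password to pass on to AD. The authenticator, challenge and wrong secret are constructed sample values; the function names are hypothetical.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: PAP User-Password hiding, RFC 2865 section 5.2."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: reverse the hiding with its copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")

def md5_challenge_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP / EAP-MD5 style response: a one-way digest, no password inside."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def demo() -> dict:
    secret = b"cisco"                  # shared secret as in the thread's switch config
    authenticator = bytes(range(16))   # constructed Request Authenticator
    hidden = hide_password(b"cisco", secret, authenticator)
    return {
        # Matching secret: the server gets the clear text it could hand to AD.
        "pap_recovered": recover_password(hidden, secret, authenticator),
        # Secret differs between NAS and client entry: garbage, so the check fails.
        "pap_wrong_secret": recover_password(hidden, b"not-the-secret", authenticator),
        # Challenge-response: the server only ever sees these 16 bytes.
        "challenge_response": md5_challenge_response(1, b"cisco", b"\xaa" * 16),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The wrong-secret case is also why a password can be rejected even though it is typed correctly: the secret on the switch and the secret on the RADIUS client entry must be identical.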
20.02.2010 02:13:30
 rabcdabcd Posts: 3
|
I tried as per your advice. No luck.
Here is my config on Cisco Switch side:
conf t
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 10.10.65.158
radius-server host 10.10.65.158 auth-port 1812 acct-port 1646 key cisco
radius-server key cisco
radius-server vsa send authentication
On Tek Radius server side:
Added my switch IP address with cisco secret and cisco vendor name
Also created a user ID cisco with default group with cisco as password.
I tried to telnet to the cisco switch, and I am being asked for a username. I tried the username I created in Tekradius but it does not accept the password. Thanks for your help...
|
20.02.2010 09:44:12
 Admin Administrator Posts: 1684
|
Hi,
In order to authorize Cisco Telnet Sessions you need to have something different...
You need to create a user profile like:
Attribute      Type    Value
UserPassword   check   Password
cisco-avpair   reply   shell:priv-lvl=15
Service-Type   reply   NAS-Prompt
Please see http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml for Cisco configuration.
Best regards,
Yasin KAPLAN
|
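What the two reply attributes in the profile above look like on the wire, as an added example that is not part of the original posts and not TekRADIUS code. It encodes Service-Type = NAS-Prompt and the cisco-avpair vendor-specific attribute per RFC 2865, then parses them back the way one would when checking a captured Access-Accept for the privilege level it grants; the function names are hypothetical and the reply bytes are constructed.

```python
import struct

SERVICE_TYPE, VENDOR_SPECIFIC = 6, 26       # RFC 2865 attribute types
NAS_PROMPT = 7                              # Service-Type value NAS-Prompt
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1        # Cisco vendor id, cisco-avpair sub-type

def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type, length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value

def encode_cisco_avpair(text: str) -> bytes:
    """Vendor-Specific attribute carrying one cisco-avpair string."""
    sub = bytes([CISCO_AVPAIR, len(text) + 2]) + text.encode("ascii")
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def parse_attrs(data: bytes):
    """Yield (type, value) pairs, rejecting truncated or bad lengths."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[pos + 2:pos + length]
        pos += length

def summarize_reply(data: bytes) -> dict:
    """Pull out Service-Type and any cisco-avpair strings from reply attributes."""
    result = {"service_type": None, "avpairs": []}
    for attr_type, value in parse_attrs(data):
        if attr_type == SERVICE_TYPE and len(value) == 4:
            result["service_type"] = struct.unpack("!I", value)[0]
        elif attr_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            sub_type, sub_len = value[4], value[5]
            if (vendor, sub_type) == (CISCO_VENDOR_ID, CISCO_AVPAIR) \
                    and 2 <= sub_len <= len(value) - 4:
                result["avpairs"].append(value[6:4 + sub_len].decode("ascii", "replace"))
    return result

# Constructed reply attributes matching the profile in the post above.
REPLY = (encode_attr(SERVICE_TYPE, struct.pack("!I", NAS_PROMPT))
         + encode_cisco_avpair("shell:priv-lvl=15"))

if __name__ == "__main__":
    print(REPLY.hex(), summarize_reply(REPLY))
```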
22.02.2010 16:00:49
 rabcdabcd Posts: 3
|
Thank you very much!!!!!!!!!!!!!
|
26.02.2010 13:04:51
 Admin Administrator Posts: 1684
|
You're welcome
|
06.04.2010 22:15:13
 abdielhiram Posts: 3
|
Hi All
I found the software very easy to use, but I am new to radius. I am a bit confused about the items you say need to be added. I tried the GUI but I can't seem to find where to edit these
Attribute      Type    Value
UserPassword   check   Password
cisco-avpair   reply   shell:priv-lvl=15
Service-Type   reply   NAS-Prompt
Is it from the GUI?
Please advise
Abdiel
|
06.04.2010 22:18:14
 abdielhiram Posts: 3
|
Having the same issue, but not clear where I need to edit these values...
Attribute      Type    Value
UserPassword   check   Password
cisco-avpair   reply   shell:priv-lvl=15
Service-Type   reply   NAS-Prompt
Please advise,
Abdiel
|
07.04.2010 08:22:28
 Admin Administrator Posts: 1684
|
Hi,
You can add a user in Users tab. You can configure attributes after adding the user. You must add reply attributes as Success-Reply attributes.
Best regards,
Yasin KAPLAN
|
07.04.2010 18:24:44
 abdielhiram Posts: 3
|
Hi again, sorry for my ignorance. I added the user attributes on the cisco user, however telnet still won't authenticate the cisco user... I added these lines to the config
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 10.10.100.37
radius-server host 10.10.100.37 auth-port 1812 acct-port 1646 key cisco
radius-server key cisco
radius-server vsa send authentication
admin wrote:
Hi, You can add a user in Users tab. You can configure attributes after adding the user. You must add reply attributes as Success-Reply attributes. Best regards, Yasin KAPLAN
|
08.04.2010 08:37:04
 Admin Administrator Posts: 1684
|
Please see following link for Cisco configuration; http://www.cisco.com/en/US/docs/ios/12_0/security/configuration/guide/scrad.html
You can check the TekRADIUS response by examining TekRADIUS.log. Set Logging = Debug at Settings / Service Parameters before checking TekRADIUS.log.
edited by admin on 13.04.2010
|