Dear /r/networking,
I am trying to set up RADIUS authentication on a Cisco SG300 switch with Windows 2012 NPS. I've checked (also using packet capture) that NPS is sending Access-Accept with the vendor-specific attribute set to shell:priv-lvl:15, but when I try connecting via SSH or HTTP I can't log in and I get %AAA-W-REJECT entries in the switch logs.
Any ideas?
Relevant configuration is pretty basic:
encrypted radius-server key <encrypted>
radius-server host <nps ip addr> priority 1
ip http authentication aaa login-authentication http radius local
aaa authentication login authorization SSH radius local
aaa authentication enable authorization SSH radius enable
line ssh
 login authentication SSH
 enable authentication SSH