Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: resetting RADIUS config

Hi Andreas,

the command you have provided doesn't work on my switch, 5100 FOS 6.4.0b

aaaconfig --authspec "RADIUS;local" -backup  -- is that correct?


I attach a zip file with the screenshots.

NPS is Network Policy Server where I can configure RADIUS as in IAS but this is new to me too.

Regards,

Gunter

External Moderator
Posts: 5,680
Registered: ‎02-23-2004

Re: resetting RADIUS config

Here is an alternative RADIUS vs. native Windows Server RADIUS.

http://www.tekradius.com/

TechHelp24
Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: resetting RADIUS config

Hi,

that's great but not what the customer likes to use - sorry.

Regards,

Gunter

Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: resetting RADIUS config

Hi,

attached here is an NPS log from my winserver2008.

Regards,

Gunter

Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: resetting RADIUS config

sorry, wrong file - it's Friday

Anonymous
Posts: 0

Re: resetting RADIUS config

I saw an error on your switch configuration. You pasted the character in the aaaconfig command authspec. You need quotes and not the HTML tag for quotes.

;-)

In the first step remove the password policy from your RADIUS config.

Just to sort the errors out.

Change CHAP to PAP protocol. Your logfile shows the following:

Reason The user could not be authenticated using Challenge Handshake Authentication Protocol (CHAP). A reversibly encrypted password does not exist for this user account. To ensure that reversibly encrypted passwords are enabled, check either the domain password policy or the password settings on the user account.

This means you have currently not set up the Windows AD parameter correctly which allows reversibly encrypting the password, which is needed to use CHAP. Some AD guys or security admins will not allow this change.

This topic is written in the Brocade documentation.

The only way out is to use PAP with all pros and cons or to switch to LDAP/AD which also needs some extension to AD which is sometimes difficult to get from the AD guys as well.

I hope this helps,

Andreas
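
The NPS reason text quoted above follows from how the two RADIUS password attributes are built. As an added example (not code from the thread, Brocade or Microsoft), this sketch implements the RFC 2865 User-Password hiding used for PAP and the CHAP-Password computation; the shared secret, password, salt and the PBKDF2 credential store are constructed stand-ins.

```python
import hashlib
import hmac

def _mask(secret, prev):
    return hashlib.md5(secret + prev).digest()

def pap_hide(password, secret, authenticator):
    """RFC 2865 5.2 User-Password: pad to 16-byte blocks, XOR with chained MD5."""
    size = -(-max(len(password), 1) // 16) * 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def pap_recover(hidden, secret, authenticator):
    """Server side: holding the shared secret, it gets the cleartext back."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def chap_password(ident, password, challenge):
    """RFC 2865 5.3 CHAP-Password: ident byte + MD5(ident + password + challenge)."""
    tag = bytes([ident])
    return tag + hashlib.md5(tag + password + challenge).digest()

def one_way(password, salt):
    # Stand-in for a credential store that keeps no recoverable password.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def verify_pap(hidden, secret, authenticator, salt, stored):
    candidate = pap_recover(hidden, secret, authenticator)
    return hmac.compare_digest(one_way(candidate, salt), stored)

def verify_chap(attr, challenge, cleartext):
    if cleartext is None:  # only a one-way hash on file: nothing to recompute with
        return False
    return hmac.compare_digest(chap_password(attr[0], cleartext, challenge), attr)

# Constructed sample values, not taken from the thread.
SECRET, PASSWORD, SALT = b"constructed-shared-secret", b"Example-Passw0rd-123", b"salt0001"
AUTHENTICATOR = bytes(range(16))   # Request Authenticator, also used as CHAP challenge
STORED = one_way(PASSWORD, SALT)

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
    attr = chap_password(1, PASSWORD, AUTHENTICATOR)
    print("PAP against one-way store:", verify_pap(hidden, SECRET, AUTHENTICATOR, SALT, STORED))
    print("CHAP against one-way store:", verify_chap(attr, AUTHENTICATOR, None))
    print("CHAP with recoverable password:", verify_chap(attr, AUTHENTICATOR, PASSWORD))
```

With PAP the password's protection on the wire rests entirely on the shared secret, so that secret should be long and random.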

Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: resetting RADIUS config

Hi Andreas,

have tested with various configurations again but error still occurs.

The switch now has two AAA Services - RADIUS and Switch database backup - as I want (configured with disabled ethernet connection - normal behavior?).

The NPS RADIUS Connection Request Policy, I like to configure, seems to be problematic. Currently I have a local Server2008 only, without AD.

I used your IAS example and also configured as it is in the Admin Guide for Windows, but so far no success.

Error:   ReasonCode 49

           Reason         The RADIUS request did not match any configured connection request policy (CRP).

The CRP is the only policy I have configured currently.

So far I have unfortunately found no specific example of the NPS at Brocade - maybe you?

Regards,

Gunter

Anonymous
Posts: 0

Re: resetting RADIUS config

Gunter,

now you have a different error message.

Your first error was because the password cannot be encoded by Windows due to the fact that you have used CHAP and not set the registry.

Now I assume that you use PAP on the Brocade SAN switch as protocol.

In this case you have now a new or additional configuration issue.

Your Connection Request Policy is wrong.

The client does not match your configuration.

Please provide me some more details of the RADIUS client configuration and Connection Request Policy.

Pictures are helpful.

Andreas

External Moderator
Posts: 5,680
Registered: ‎02-23-2004

Re: resetting RADIUS config

Gunter,

correct syntax is:

aaaconfig --add SERVER_IP_ADDRESS, where is the RADIUS Server
aaaconfig --radiuslocalbackup

command

aaaconfig --show, list RADIUS settings

All of that requires a correctly configured RADIUS server, port, secret password, vendor attributes, and the auth protocol should be set to CHAP.

PAP is supported but not suggested.

NOTE: If the server has more than one Ethernet adapter, make sure the RADIUS is pointed to the defined IP address.

TechHelp24
Anonymous
Posts: 0

Re: resetting RADIUS config

Hi Techhelp,

Gunter had problems with his server because the Windows registry is not set up correctly to support CHAP!

So it would be good in the first step to get RADIUS up and running with PAP and in the second step to switch to CHAP when he has managed to get the RADIUS config up and running on the Windows box.

Regards,

Andreas
