For more details, please see ourCookie Policy.


Fibre Channel (SAN)

Reply
External Moderator
Posts: 5,620
Registered: ‎02-23-2004

Re: reseting RADIUS config

--->>>So it would be good in the first step to get RAIUS up and running !

In my preview Post, I wrote:

--->>> all that requiered a correct configure RADIUS Server, Port, Secret Password, Vendor Attributes, and Auth-Protocol should be set as CHAP.

AFAIK*, PAP is not supported for RADIUS Config on Brocade Switch in Combination with Windows Server 2008 !

--->>> PAP is supported but not suggested.

* Source:

Brocade Support.

TechHelp24
Anonymous
Posts: 0

Re: reseting RADIUS config

Hello Techhelp,

The last error message Gunter provide was an issue with Connection request Policy.

This has nothing to do with CHAP or PAP nor with suggest or not suggested. It is only about the way how the passwords are encryped.

It is clear that CHAP provides better password protection but in this case some more activities are needed on the RADIUS server which Gunter haven't done jet.

You are welcome to help Gunter with configuration examples of a working RADIUS server.

Andreas

External Moderator
Posts: 5,620
Registered: ‎02-23-2004

Re: reseting RADIUS config

--->>> You are welcome to help Gunter with configuration examples of a working RADIUS server.

Sure, i do that 4 Day ago.

11. Nov 4, 2011 9:45 AM in response to: gzimmerm

Re: reseting RADIUS config

Here a alternative RADIUS vs Native Windows Server Radius.

TechHelp24
Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: reseting RADIUS config

Hi Andreas and TechHelp24,

first many thanks for your effort and please excuse the delay

I've now done quite a lot of testing with different configurations. See short Doc attached.

My results are good and not good - just how you look.
With the Brocade Vendor Specific Attributes as they are described in the admin guide I had no luck - but may be due to the correct syntax.
With my minimal configuration I'm logged in on the switch as Admin role, that's okay. But if you can offer a customer this way, I don't know.
So I think there is more testing needed before we can rollout this.
Regards,
Gunter
External Moderator
Posts: 5,620
Registered: ‎02-23-2004

Re: reseting RADIUS config

Gunter

--->>> The RADIUS Attribute here is in Vendor Specific only “admin” nothing else.

give a look here

Before adding a VSA, check the list of attributes in the NPS dictionary. If the required VSA is present, use it. If not, you can add the VSA to the settings of the network policy.

http://technet.microsoft.com/en-gb/library/cc754417(WS.10).aspx

TechHelp24
Anonymous
Posts: 0

Re: reseting RADIUS config

run the userconfig --show command to see which chassis and user role you have. This is more helpful to see which rights you get from RADIUS.

Andreas

Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: reseting RADIUS config

.... userconfig --show

userconfig--show.JPG

Regards

Gunter

Anonymous
Posts: 0

Re: reseting RADIUS config

You have no chassis rights. This should be the reason why you can't run aaaconfig commands.

You should adjust now your RADIUS config.

I thinks you have a problem with your Vendor specific attributes.

The Vendor assigned attribute number does not fit to the correct value name. I can not see how you have set this is your config.

Andreas

Highlighted
Occasional Contributor
Posts: 19
Registered: ‎04-13-2010

Re: reseting RADIUS config

I think I don't need Chassis Rights, do I ? There is no VF configuration - sorry my failure.

As Antonio says I have only to study the NPS funktions and configuration - this is my lack, I know.

..  But a Brocade windows server8 NPS RADIUS practical example would be so nice...

I think we can leave it here now. Since I still have to handle other jobs I can perform further tests until next week.

Thanks again to you.

Regards
Gunter

Join the Broadcom Support Community

Get quick and easy access to valuable resources across the Broadcom Community Network.