Cisco AAA with RADIUS against Active Directory through the NPS role in Windows Server 2012 R2
HTML-код
- Опубликовано: 15 сен 2024
- In this video I demonstrate setting up Active Directory authentication for a Cisco router IOS. This will be using AAA and RADIUS through the Network Policy Server (NPS) role in Windows Server 2012 R2 to authenticate users in Active Directory on Cisco IOS devices.
oh man you are a life saver. I was only getting it partly working with a bunch of other walkthroughs. Yours worked right off the bat. Thank you!
Windows Server 2016 - C9300 on 16.8.1a
Outstanding, I had all the right pieces in place but they were not lined up correctly on my Server 2019 and Cisco Catalysis 9300. All set now, thanks for putting this out there.
How are you making this work using MS-CHAP? My previous setup on 2012 required me to use "Unencrypted authentication (PAP, SPAP).
i am also interested to know
Great video, but the splash screen at the end made me shard a little.
I configured everything exactly as shown in here but still there's a problem authenticating.
@Nehemiah Brayan, when tried it I got a virus and my entire family got cancer. My kids are dead because of instaportal. Do not use instaportal.
Thank you so much it's worked for me
To connect a user through the wireless network, what type of radius authentication must the switch have?
It is working if I unchecked all button except Unencrypted authentication (PAP, SPAP) on Authentication Methods under Network policies :)
Same here, i do a equal action.
Thanks, this solved it.
Which part bro in this video
Solved my issue, thanks.
mine too. i wonder how he made it work using the other authentication protocols.
No need to define authen and authoriz commands under the line vty 0-4?
Has anyone configured a cisco switch with radius from DUO using their auth proxy? Would the cisco side of this tutorial be the same?
Great video thank you, do you have one on Cisco ICE 👍👍👍
don't forget to use (BAP percentage of capacity), sometime the radius won't work without it.
Nice video mate
Hi, thanks for the tutorial. I tested this with a Windows Server 2012R2, which is currently also being used as our MAB-server. My iOS device is an old Cisco1721 using iOS 12.4(25d).
I am sitting in an AD-forest and assume my testingdevice is too old. I wonder if the command "domain-stripping" could add the domain automatically to the username.
Can you confirm this thought?
_____
Oh, also I'm not sure if you mentioned, but the local account is only being used when the Cisco IOS device cannot pass the authentication to the radius OR the radius cannot pass it to the active direcotry.
just for the nps server ?? how can i add one in my lab ?
Great tutorial! Quick question for you for anyone that might know. Do you know if after enabling aaa for authentication is the option still available to login with the local credentials that were created on the router/switch?
got same question when radius server is down, local credential should work but he did not mention it here
Is it possible to then limit who can log into the router, such as only a certain group in AD/LDAP?
how about the failover if the NPS(radius is down) the local admin should work right?
yes
it doesn't work mate, the syslog said: invalid_group_handle , anyone can help please))
the acouch-adm account comes from where ?????
That is the user (Adam Couch, acouch-adm@BTSLAB.COM) that is added to the Network Admins security group at the 2:32 mark in the video.
Hi, where do you defined acouch-adm?
That is the user (Adam Couch, acouch-adm@BTSLAB.COM) that is added to the Network Admins security group at the 2:32 mark in the video.