August 18th, 2008 20:00

PowerConnect 5448: IAS RADIUS issues

Hello everyone,

 

I have been trying to configure the 5448 to accept Windows AD logons using IAS and RADIUS. I have followed the document explaining how to do so for the PowerConnect 3424, without success. Here are my settings; I hope someone can find what's wrong with them.

First, here are the relevant configuration commands (I have modified the hostname because I am paranoid like that):

 

interface vlan 2599
ip address 95.16.254.19 255.255.255.0
exit
ip default-gateway 95.16.254.1
hostname switchtest
radius-server host 95.16.253.43 auth-port 1812 acct-port 1813    key test   usage login
radius-server retransmit 1
radius-server source-ip 95.16.254.19
radius-server timeout 5
aaa authentication login radius_local radius local
line telnet
login authentication radius_local
exit
username admin password 308862e95b5c29741f1e69b5411f1129 level 15 encrypted

 

[Screenshots not preserved: Policy Config, Auth Config, Attributes, Client Properties]


Here's what happens on the Windows side when I try to authenticate:

[Screenshot not preserved: Packet Capture]

Windows Event Viewer:

User XYZ was granted access.
 Fully-Qualified-User-Name = xxxxxxxx
 NAS-IP-Address = 95.16.254.19
 NAS-Identifier =
 Client-Friendly-Name = xxxxxxxx
 Client-IP-Address = 95.16.254.19
 Calling-Station-Identifier =
 NAS-Port-Type =
 NAS-Port =
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server =
 Policy-Name = Telecom Dell 5448
 Authentication-Type = PAP
 EAP-Type =

 

So it seems that it should be working. Here's the 5448's RAM Log output, when I have local auth as a fallback:

switchtest> 18-Aug-2008 16:44:55 %AAA-W-REJECT: New telnet connection for user XYZ, source 95.16.254.32 destination 95.16.254.19  REJECTED

RAM Log output again, this time with no local fallback:

18-Aug-2008 16:50:39 %AAA-W-REJECT: New telnet connection for user failed due to bad/missing configuration , source 95.16.254.32 destination 95.16.254.19  REJECTED

 

And that's pretty much where I'm at right now. Any help will be greatly appreciated.

 


September 24th, 2008 21:00

Hi Newbie, did you solve your problem?

 

I am having the same issue and for the life of me can't see what the problem is.  Currently I have all my Dells authenticating locally and my Ciscos using IAS/NPS.

 

Can someone please shed some light on Dell PowerConnect switches using Microsoft IAS Radius.

 

Thanks in advance.

 

Paul


March 1st, 2011 13:00

Same issue here... I am using Dell PowerConnect 5448s, trying to use a Windows 2008 R2 NPS server.

 

01-Mar-2011 15:08:10 %AAA-W-REJECT: New ssh connection for user jdoe, source 10.19.1.69 destination 10.15.0.9  REJECTED


December 4th, 2020 10:00

Did anyone ever figure this one out? I'm having the same issue with Server 2016 - N-series work fine but PowerConnect switches won't.

Moderator


December 4th, 2020 14:00

Hi,

Try the steps here https://dell.to/2IbN1eG

 


June 24th, 2022 01:00

Hello,

I'm having the same exact issue.

- RADIUS authentication works just fine on N series switches

- I get AAA-W-REJECT with PowerConnect 5548 although I get IAS_Success on the NPS server

Why on Earth would the switch reject a user after receiving an authentication success reply from an NPS server?

I browsed through the links that Dell-Josh Cr posted but found nothing relevant there.

Can anybody help me here?


June 24th, 2022 02:00

Hello Joey,

It's 4.1.0.24.

Moderator


June 24th, 2022 02:00

Hi @Krastek,

 

What firmware is on the Powerconnect 5548?


June 24th, 2022 04:00

I have finally found the solution to my problem. I followed the darylhunter.me blog entry on how to configure the NPS policy for Dell PowerConnect and it worked!

What made it work was exactly these:

"First of all, remove PPP and framed from the attributes and click Add.
Choose Service-Type and then click Add.
Choose Administrative here.
That's all there.  Now, click on Vendor Specific.
Choose Cisco (Vendor) and Cisco-AV-Pair (Attribute) and click Add.
We want a string.  Click Add." shell:priv-lvl=15

And from what I tested, these settings work for N-series too, so there's no need to create separate policies.
