3324 Radius Authentication

Question

Has anyone ever gotten Radius authentication to work on the 3324's? We have a few of them and I'd like them to authenticate admins against Windows' IAS.   Ethereal sees the request come in to the radius box and sees the 'accept' go back. I've tried playing with the various response attributes per other suggestions in this forum, but no dice so far.   What's the secret?   Thanks, Peter

DELL-Cuong N. · Answer

Yes we have tested with several Radius servers but not I have not tried Windows IAS. I have no experience with IAS so I have sent your question to a few other engineers. Hopefully someone will have used it before and will be able to provide some insight. When someone response with more info I will post their response here.

Cuong.

GregG1 · Answer

pzand,   I emailed you a document I wrote on configuring the 3324 for RADIUS authentication using IAS. Please check your email.

pzand · Answer

Greg,   I saw your email. I'll try this out and let you know. Thanks a bunch!   Peter

johneijg · Answer

Can you please post the document or e-mail it?

DELL-Cuong N. · Answer

Greg gave me the document too and I'm going to see if I can get the document posted somewhere on support web site.  For now though, I'm emailing the document to you. Cuong.

DonWehi · Answer

Can you please send this document also to me. Try to integrate several 5324 and 3324 Switches with IAS and Windows 2003 server. Many thanks for your help and support Markus

GregG1 · Answer

DonWehi,   I sent you the whitepaper. Check your email.

DonWehi · Answer

Hi Greg

Many thanks for the docu and they gave me an impression what's to do. Do you have also a configuration example for a PowerConnect 5324 - HTTP access with RADIUS authentication? Everything works fine with RADIUS but the information back from the RADIUS Server is not working i.e is not the one, that the 5324 is awaiting. Many thanks in advance for any help.

DonWehi

pzand · Answer

Greg,

Thanks again for the document. Works like a champ! I must have missed something simple somewhere.

One thing that I'm confused about, though. When selecting "local", then "radius", I would expect the switch to search its local database for the user. If it can't find it, I would expect it to do radius. From the behavior that I'm seeing, it looks like this only works when the local database is completely empty. If there are any entries locally, it'll never do radius. Am I missing something again? :)

Thanks!

Peter

GregG1 · Answer

This is normal operation. You need to think of the authentication method list like an access list.   The switch will attempt to authenticate using the first option in the list. If the switch attempts to authenticate locally, but the user does not exist in the local database, this would constitute an authentication failure. When encountering a failure, the switch will not move on to try the next option in the list.   When using a method list with RADIUS then local, the switch will attempt to authenticate using the RADIUS server. If the RADIUS server is down or unreachable, the authentication will time out and the switch will attempt to authentication using the local database. If the RADIUS server is contacted, but the username/password is incorrect, this will contstitute a failure and the switch will not move on to try the next option in the list.

pzand · Answer

Understood. Thanks Greg!

DELL-Cuong N. · Answer

Never mind - Greg already answered. Message Edited by DELL-Cuong N. on 09-21-2005 11:22 AM

DELL-Cuong N. · Answer

Message Edited by DELL-Cuong N. on 09-21-2005 11:23 AM

Networking General

3324 Radius Authentication

Was this post helpful?