
new installation


George

Feb 3, 2010, 2:48:01 AM
Hello.
I have a 2008 R2 which runs as my AD. Recently I have installed the Network
Policy and Access Services. Now, I have configured the same AD server as a
RADIUS client and one Cisco switch as a RADIUS client; the policies have been
configured to allow a specific username that belongs to a specific group. Now
when I try to connect to the switch the authentication fails. In the server
event I get the message "The user attempted to use an authentication method
that is not enabled on the matching network policy."
Basically what I need to do is for my Cisco switches to be able to log in
with my Windows credentials.
What am I missing? Is there a step-by-step guide to illustrate how to
implement it?
Thank you in advance.

James McIllece [MS]

Feb 9, 2010, 6:47:28 PM
George <Geo...@discussions.microsoft.com> wrote in
news:1C2545A6-3F3E-4ADB...@microsoft.com:

Hi there --

You can use the "802.1X Authenticated Wired Access Deployment Guide," at
http://technet.microsoft.com/en-us/library/dd348468(WS.10).aspx

Thanks --

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

James McIllece [MS]

Feb 26, 2010, 4:30:52 PM

> hello.

Hi there --

With your described configuration, you don't want to configure the AD/NPS
computer as a RADIUS client -- the NPS server is the RADIUS server. So only
the switch is acting as a RADIUS client to the RADIUS server.

You must choose an authentication method that both client computers and the
NPS server support, and then you must deploy the authentication method. For
example, if you are going to use Protected Extensible Authentication
Protocol (PEAP) with Microsoft Challenge Handshake Authentication Protocol
version 2 (MS-CHAP v2), or PEAP-MS-CHAP v2, you must deploy a server
certificate on the NPS server from a certification authority that your
client computers trust.

In addition, your switch must support the authentication method you choose.
(If you choose an EAP-based authentication method, you probably need to
enable EAP on the switch, unless it's enabled by default.)

After you have chosen and deployed your authentication method, you must
make sure that you configure network policy in NPS with that method, and
also make sure the policy grants (rather than denies) access.

You can use the following guides to deploy a switch that is both RADIUS and
802.1X-capable with NPS:

802.1X Authenticated Wired Access Design Guide at
http://technet.microsoft.com/en-us/library/dd378864(WS.10).aspx

802.1X Authenticated Wired Access Deployment Guide at
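
To see which authentication method a RADIUS client is actually sending against which network policy (the mismatch behind the event message quoted in the first post), the following added example, which is not part of the thread and not Microsoft code, tallies method-not-enabled denials from NPS event text. The "Label: value" field names and the sample events are assumptions constructed for illustration; check them against your own exported events.

```python
import re
from collections import Counter

# Reason text exactly as quoted in the first post of the thread.
METHOD_MISMATCH = ("The user attempted to use an authentication method "
                   "that is not enabled on the matching network policy.")

# Constructed sample (not real logs): three denied-access events in an assumed
# "Label: value" layout; client, policy and method values are made up.
SAMPLE_EVENTS = f"""\
Network Policy Server denied access to a user.
    Client Friendly Name: core-switch-01
    Network Policy Name: Switch Admins
    Authentication Type: PAP
    Reason: {METHOD_MISMATCH}
Network Policy Server denied access to a user.
    Client Friendly Name: core-switch-01
    Network Policy Name: Switch Admins
    Authentication Type: PAP
    Reason: {METHOD_MISMATCH}
Network Policy Server denied access to a user.
    Client Friendly Name: core-switch-01
    Network Policy Name: Switch Admins
    Authentication Type: MS-CHAPv2
    Reason: (constructed) wrong password
"""

FIELD = re.compile(r"^\s*([A-Za-z][\w \-]*?):\s*(.*)$")
KEY_FIELDS = ("Client Friendly Name", "Network Policy Name", "Authentication Type")

def parse_events(text):
    """Return one dict of fields per event; a header line starts a new event."""
    events = []
    for line in text.splitlines():
        if line.startswith("Network Policy Server"):
            events.append({})
        elif (m := FIELD.match(line)) and events:
            events[-1][m.group(1).strip()] = m.group(2).strip()
    return events

def method_mismatches(events):
    """Count method-not-enabled denials per (RADIUS client, policy, method)."""
    return Counter(tuple(ev.get(k) for k in KEY_FIELDS)
                   for ev in events if ev.get("Reason") == METHOD_MISMATCH)

if __name__ == "__main__":
    for (client, policy, method), n in method_mismatches(parse_events(SAMPLE_EVENTS)).items():
        print(f"{n}x {client} sent {method}, which policy '{policy}' does not enable")
```

Each reported tuple names the method the switch sent and the policy that matched, which is the pair to reconcile: either the policy's allowed methods or the method the client is configured to use.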
