Configure RADIUS Authentication mode

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
Dear community members,
I am trying to do radius user authentication from NetSight (6.3.0.168) with Microsoft NPS.
User authentification fails, for NetSight uses PAP but CHAP is needed.
Where can NetSight be configured for using CHAP instead of PAP ?
Photo of Stefan

Stefan

  • 120 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Do you like to authenticated wireless/wired clients or do you mean authenticate the client that access the Netsight GUI ?

-Ron
Photo of Stefan

Stefan

  • 120 Points 100 badge 2x thumb
I want to autheticate clients that can access the NetSight GUI.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
You are right I get the same error.

The help state the following...

NOTE:The RADIUS Authentication mode supports PAP, CHAP, and MD5 authentication types. 

... but I can't find an option to set it anywhere.

Looks like we'd need someone from the Netsight team to answer that.

-Ron
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
After looking around, it looks like you will need to make a new Advanced Radius configuration.


 In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)
(Edited)
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
Did you enforce your changes?
Photo of Stefan

Stefan

  • 120 Points 100 badge 2x thumb
Sorry, there is nothing to enforce; I am not using a NAC appliance.
I want to use Microsoft NPS a radius server.
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
You can always enable PAP for a specific connection request policy in NPS.
Photo of Stefan

Stefan

  • 120 Points 100 badge 2x thumb
But thats not the problem;
The user guide states:
NOTE:The RADIUS Authentication mode supports PAP, CHAP, and MD5 authentication types.
But CHAP is not working.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,152 Points 20k badge 2x thumb
I think you'd need to open a GTAC ticket for this.

I'm with you.... the NOTE should also tell that you'd only do it with a NAC license.

-Ron
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
You mean the AAA-advanced config in the NAC Manager correct ?
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
yessir, sorry about that
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Thanks a lot !!!

So someone with only a base Netsight license can't configure it as they don't have access to the NAC manager because the app is unlicensed :-)
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
As an alternate, you could use LDAP for this. I do believe that is is all versions. Please correct me if I am wrong on that
Photo of Stefan

Stefan

  • 120 Points 100 badge 2x thumb
YES, LDAP is working, but this is not the solution for the problem.
The user guide states:
NOTE:The RADIUS Authentication mode supports PAP, CHAP, and MD5 authentication types.
But CHAP is not working.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
LDAP works fine and I personaly have a NMS-U license so not a big deal for myself

It's just weird that the function requires NAC manager to configure and I wonder whether is should be that way.