
Configure RADIUS Authentication mode


Dear community members,
I am trying to do RADIUS user authentication from NetSight (6.3.0.168) with Microsoft NPS.
User authentication fails, for NetSight uses PAP but CHAP is needed.
Where can NetSight be configured for using CHAP instead of PAP?


Userlevel 7
Do you want to authenticate wireless/wired clients, or do you mean authenticating the client that accesses the NetSight GUI?

-Ron
Ron wrote:

Do you want to authenticate wireless/wired clients, or do you mean authenticating the client that accesses the NetSight GUI?

-Ron

I want to authenticate clients that can access the NetSight GUI.
Userlevel 7
You are right I get the same error.

The help states the following...

NOTE: The RADIUS Authentication mode supports PAP, CHAP, and MD5 authentication types.

... but I can't find an option to set it anywhere.

Looks like we'd need someone from the NetSight team to answer that.

-Ron
Userlevel 4
After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps 🙂
Joseph Burnsworth wrote:

After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)

Hi Joseph,
I created a new AAA configuration as proposed with authentication type MsCHAP and saved it.
But when I go to "Authorization/Device access" and under "Users/Groups" I do not see the newly created Radius config under "Authentication Method" to choose.
What is wrong?
Userlevel 4
Joseph Burnsworth wrote:

After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)

Did you enforce your changes?
Joseph Burnsworth wrote:

After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)

Sorry, there is nothing to enforce; I am not using a NAC appliance.
I want to use Microsoft NPS as a RADIUS server.
Userlevel 3
Joseph Burnsworth wrote:

After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)

You can always enable PAP for a specific connection request policy in NPS.
Joseph Burnsworth wrote:

After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)

But that's not the problem.
The user guide states:
NOTE: The RADIUS Authentication mode supports PAP, CHAP, and MD5 authentication types.
But CHAP is not working.
Userlevel 7
Joseph Burnsworth wrote:

After looking around, it looks like you will need to make a new Advanced Radius configuration.



In the new Config, you can choose your authentication type.



Once you complete that, you go to "Authorization/Device access" and under "Users/Groups" you would choose your new Radius config under "Authentication Method"



Let us know if this helps :)

I think you'd need to open a GTAC ticket for this.

I'm with you... the NOTE should also say that you'd only do it with a NAC license.

-Ron
Userlevel 7
You mean the AAA-advanced config in the NAC Manager, correct?
Userlevel 4
Yes sir, sorry about that.
Userlevel 7
Thanks a lot!!!

So someone with only a base NetSight license can't configure it, as they don't have access to the NAC Manager because the app is unlicensed 🙂
Userlevel 4
As an alternative, you could use LDAP for this. I do believe that is in all versions. Please correct me if I am wrong on that.
Joseph Burnsworth wrote:

As an alternative, you could use LDAP for this. I do believe that is in all versions. Please correct me if I am wrong on that.

YES, LDAP is working, but this is not the solution for the problem.
The user guide states:
NOTE: The RADIUS Authentication mode supports PAP, CHAP, and MD5 authentication types.
But CHAP is not working.
Userlevel 7
LDAP works fine and I personally have an NMS-U license, so not a big deal for myself.

It's just weird that the function requires NAC Manager to configure, and I wonder whether it should be that way.
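
An added example, not part of the thread and not Extreme Networks or Microsoft code: to confirm which method a RADIUS client actually sends (the PAP versus CHAP mismatch discussed above), the authentication attribute in the Access-Request can be identified from the packet bytes. Attribute numbers follow RFC 2865 and RFC 2548; the function names, shared secret, user name and sample packets are constructed for illustration, and the check goes slightly beyond the thread by also recognising MS-CHAP and EAP.

```python
import hashlib
import struct

MS_VENDOR_ID = 311                        # Microsoft vendor id (RFC 2548)
MS_VSA = {1: "MS-CHAP", 25: "MS-CHAPv2"}  # MS-CHAP-Response / MS-CHAP2-Response

def attributes(packet):
    """Return [(type, value), ...] for a RADIUS packet (RFC 2865 layout)."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("bad or truncated RADIUS length field")
    out, pos = [], 20                     # attributes start after the 20-byte header
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        out.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return out

def auth_method(packet):
    """Name the authentication method carried by an Access-Request."""
    if packet[:1] != b"\x01":
        raise ValueError("not an Access-Request")
    for atype, value in attributes(packet):
        if atype in (2, 3, 79):           # User-Password, CHAP-Password, EAP-Message
            return {2: "PAP", 3: "CHAP", 79: "EAP"}[atype]
        if atype == 26 and len(value) >= 5:   # Vendor-Specific
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MS_VENDOR_ID and vtype in MS_VSA:
                return MS_VSA[vtype]
    return "none"

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def access_request(attrs, authenticator):
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + authenticator + body

def pap_hide(password, secret, authenticator):  # RFC 2865 5.2, one 16-byte block
    key = hashlib.md5(secret + authenticator).digest()
    return bytes(p ^ k for p, k in zip(password.ljust(16, b"\x00"), key))

def chap_password(chap_id, password, challenge):  # RFC 2865 5.3
    return bytes([chap_id]) + hashlib.md5(bytes([chap_id]) + password + challenge).digest()

RA, SECRET, PW = bytes(range(16)), b"constructed-secret", b"example-pass"  # constructed
PAP_REQ = access_request([attr(1, b"admin"), attr(2, pap_hide(PW, SECRET, RA))], RA)
CHAP_REQ = access_request([attr(1, b"admin"), attr(3, chap_password(7, PW, RA))], RA)
```

Passing the raw UDP payload of a captured Access-Request to `auth_method` shows whether the client sent PAP or CHAP, independent of what its configuration screen claims.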
