Header Only - DO NOT REMOVE - Extreme Networks

Extreme C5210, cannot get RADIUS controller logon to work to save my life


Userlevel 5
I am attempting to do something really simple. That is, get RADIUS off the ground. I figured the easiest starting task would be to use it for controller management logons, but even this has proved impossible.

Now I am in a situation where RADIUS on my Windows 2008 R2 server is logging a success "Network Policy Server granted full access to a user because the host met the defined health policy" and yet my Extreme controller is denying the logon.

When I run a Wireshark, I can see the ACCESS-REQUEST and ACCESS-ACCEPT messages being exchanged.

So why isn't my Extreme controller happy with this outcome?

SOME PICTURES:









8 replies

Userlevel 7
You need to return back Service-Type=Administrative
Userlevel 7
Doug wrote:

You need to return back Service-Type=Administrative

Try....

Userlevel 5
Doug wrote:

You need to return back Service-Type=Administrative

UGH. That did the trick. Thank you!!!

Did I miss that in the documentation somewhere? It seems really vague in this area.
Userlevel 7
Doug wrote:

You need to return back Service-Type=Administrative

Also get rid of NAS Port Type VPN as a Condition.
Userlevel 7
Doug wrote:

You need to return back Service-Type=Administrative

Let me check out the guides... I'm sure it's there somewhere.
Userlevel 7
Doug wrote:

You need to return back Service-Type=Administrative

https://gtacknowledge.extremenetworks.com/articles/How_To/How-do-I-configure-RADIUS-Management-login...

not sure whether that one could save lifes 🙂
Userlevel 7
Doug wrote:

You need to return back Service-Type=Administrative

I'm going to add the Adminstrative option to the article. The Enterasys policy string might be confusing if you... A. Don't know what Enterasys is or means B. Don't use Policy Manager
Doug wrote:

You need to return back Service-Type=Administrative

Doug, you beat me to it!

Reply