Hello everybody. I have encountered a problem concerning authentication between an HP Aruba 2530-48G switch and FAC. The scheme is: we have Active Directory integrated in FAC, and one of the AD threads has been imported to the FAC. The switch has been configured with these commands:
Switch HP Aruba 2530-48G RADIUS configuration:
radius-server host 10.1.245.66 key <radius key>
aaa authentication port-access eap-radius
aaa port-access authenticator 10
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator active
On the FAC side, the following things have been configured:
1) Added Client (switch IP address) + shared secret for the RADIUS connection.
2) Created a User Group of Remote LDAP type and assigned some RADIUS attributes under it, like Tunnel-Type - VLAN, Tunnel-Medium-Type - IEEE-802 and Tunnel-Private-Group-ID - <vlan number's here>
3) Created Policy (RADIUS Clients -> added the previously created client (switch IP), RADIUS Attribute criteria -> tumbler is off, Authentication type -> Password/OTP, Accept EAP and Accept PEAP tumblers are turned on, Identity source -> AD realm is used, Authentication factors -> Every configured password/OTP).

After that, I configured the Windows 10 PC's Ethernet network to use 802.1X authentication, and when I provide an Active Directory user's credentials, the authentication fails and the FAC logs show me the info from the screenshot. Any idea?
Check https://Your-FAC-IP-or-FQDN/debug/radius/ for RADIUS debug details. Even without "debug mode", that simpler log should show plenty of output.
Is the Remote Auth. Servers / LDAP entry used to contact AD a normal LDAP, or does it have "Windows Active Directory Domain Authentication" set?
If it's set, is "Use Windows AD Domain Authentication" then turned on in RADIUS Service / Policy / Identity source for that LDAP-based realm?
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff