Login on OS6900 via NPS
-
tds85
Login on OS6900 via NPS
Dear,
I can't find the 8 attributes to send back from the NPS/RADIUS to log in with AD credentials on an OS6900?
I used the bitmap calculator and found the bitmaps to send back, but with which attribute numbers on NPS? For OS6450 I have found the attributes, but for the OS6900 I can't find them.
Kind regards,
Thomas
-
devnull
Re: Login on OS6900 via NPS
For login, the same bitmaps work as on 6450.
So Vendor 800,
41 - ffffffff
42 - ffffffff
9 - all
20 - Administrators
Not sure which exactly I need... this works for all Alcatel devices I had.
You can also calculate the bitmaps in the WebGUI of the AOS (Security -> ASA -> Local Users -> Bitmap Calculator).
-
tds85
Re: Login on OS6900 via NPS
Hello,
You tried it on a 6900? Because I got 4 bitmaps for RO strings AND 4 bitmaps for RW strings.
I will test it again.
Kind regards,
-
devnull
Re: Login on OS6900 via NPS
I use Admin access via NPS on 6900, I must admit not with read-only users (just full admins), and these are the bitmaps I use.
-
tds85
Re: Login on OS6900 via NPS
Doesn't seem to work... but it handles the incoming request differently than the request from a 6450.
It seems not to match an NPS rule due to authentication failure, while the same user is working on a 6450.
The difference I can see is the following:
6900 - You can see the Security ID is not filled in, and also the FQAN is short and different.
6450 - You can see the Security ID is filled in and also the FQAN is longer.
Is there a difference in how the 6900 sends the request to the NPS?
-
devnull
Re: Login on OS6900 via NPS
That is not the case with my 6900, I have the same Security ID as for 6450.
Firmware 7.3.3.533 and 6.6.4.286
-
tds85
Re: Login on OS6900 via NPS
Strange, last week I had the same result as I have now (not working - only then the request came in with type Async Modem) and I was on 7.3.3.384.R01 GA.
In the meantime we did an upgrade to the latest 7.3.4 release: 7.3.4.450.R01 GA, and it gives the output like I have sent you before (with type Ethernet).
6450 had release 6.6.5.63.R02
NPS is on a WIN 2012 R2 server
-
devnull
Re: Login on OS6900 via NPS
Attached my NPS output:
From my picture I see that the 6900 hits another CRP as it does not send "Ethernet" but "Async" as Port-Type.
-
tds85
Re: Login on OS6900 via NPS
Yes indeed, but apparently this changes in 7.3.4.
In 7.3.4 the NAS Port-Type also becomes Ethernet for the 6900.
-
devnull
Re: Login on OS6900 via NPS
Hmm... I can't test as I do not dare to use a GA release until I have to.
Wireshark, see what the 6900 is sending? Compare that to 6450?
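Added example, not part of the thread and not Alcatel or Microsoft code: one way to do the comparison suggested above is to decode the two Access-Request packets and list only the attributes that differ, since NAS-Port-Type is what decides which connection request policy is hit. The function names, the user name and the NAS addresses are constructed for illustration.

```python
import struct

# Subset of RFC 2865 attribute types; NAS-Port-Type (61) values 0 and 15 are
# the two that show up in this thread.
ATTR_NAMES = {1: "User-Name", 4: "NAS-IP-Address", 61: "NAS-Port-Type"}
NAS_PORT_TYPES = {0: "Async", 5: "Virtual", 15: "Ethernet"}

def build_request(identifier, attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", 1, identifier, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Decode the attributes of a raw RADIUS packet into {name: value}."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    out, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if atype == 61 and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            value = NAS_PORT_TYPES.get(number, str(number))
        elif atype == 4 and len(value) == 4:
            value = ".".join(str(octet) for octet in value)
        elif atype == 1:
            value = value.decode("utf-8", "replace")
        else:
            value = value.hex()
        out[ATTR_NAMES.get(atype, "Attr-%d" % atype)] = value
    return out

def diff_requests(first, second):
    """Return {attribute: (value in first, value in second)} where they differ."""
    a, b = parse_attributes(first), parse_attributes(second)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# Constructed samples: same user, documentation-range NAS addresses, and the two
# Port-Type values discussed above. User-Password is left out for brevity.
REQ_ASYNC = build_request(1, [(1, b"testuser"), (4, bytes([192, 0, 2, 10])), (61, struct.pack("!I", 0))])
REQ_ETHERNET = build_request(2, [(1, b"testuser"), (4, bytes([192, 0, 2, 20])), (61, struct.pack("!I", 15))])

if __name__ == "__main__":
    for name, (left, right) in diff_requests(REQ_ASYNC, REQ_ETHERNET).items():
        print("%-15s %-12s %s" % (name, left, right))
```

With real traffic, pass in the UDP payload bytes of each switch's Access-Request as exported from the capture instead of the constructed samples.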
