Loading ...
Home » Spaces » UPS Management Devices & PowerChute Software » discussion » General » RADIUS and Active Directory Authentication

RADIUS and Active Directory Authentication

Discussion in UPS Management Devices & PowerChute Software started by Mark , 3/6/2015 10:10 PM
Login to follow, share, and participate in this space.
Not a member?Join now
  • mbroge
    Mark
    Novice Novice
    Mark 3/6/2015 10:10 PM

    We recently purchased new APC SMX3000LVNC batteries for our data center. I have successfully configured all of the AP9631 cards in all ways except for RADIUS authentication. I have read several articles in regards to this, including Making APC network cards play nice with Active Directory, but the RADIUS test fails. I suspect I am missing something as my understanding of Microsoft's NPS is wanting at best.

    Salient points:

    • aos c6.1.1
    • Can log in to each APC network card using local authentication
    • Each battery has a client account on the Network Policy (RADIUS) Server
    • Access Permission: Grant Access
    • Authentication Method: CHAP or PAP
    • Service-Type: Administrative
    • Network Connection Method: Vendor Specific/100
    • Vendor Code: 318 / Value: 1, Decimal, 1, Yes it conforms

    I would appreciate any guidance as to where to go next. 

  • ipicKedawinna
    Angela
    =S= Representative
    Angela 3/16/2015 3:21 PM (in response to Mark)

    Hello,

    I had some notes referencing this link -> https://zmq503o1.wordpress.com/2006/02/28/apc-websnmp-radius-authentication/ 

    I also had jotted down:

    Windows 2008 server RADIUS is a bit different but with some testing I got it to work. The key is to use "User Groups" not "Windows Groups" when creating the Network Policy on the 2008 IAS Server. Windows 2003 IAS only has "Windows Groups", Windows 2008 IAS has both. "Windows Groups" and "User Groups", ONLY "User Groups" work with 2008.

    Does this help? I also thought we'd only work with PAP as it stands now.

    Here may be another good link: http://technologyordie.com/authenticating-apc-network-management-cards-with-network-policy-server 

  • mbroge
    Mark
    Novice Novice
    Mark 3/17/2015 4:28 PM (in response to Angela)

    Thank you for the response.

    In regards to "Windows Groups" vs. "User Groups" I am not sure what you are referring to. In our Active Directory structure I am using a built-in domain-local Security Group (Domain Admins) on the Network Policy Server. To clarify, the NPS instance is running on a Windows Server 2008 R2 PDC.

    I have seen the first article linked and followed those steps (the images appear to be broken on that page). I have reviewed the second linked article and all appears to be correct. I have attached a series of screen shots that show the configuration below:

    Settings 1

  • ipicKedawinna
    Angela
    =S= Representative
    Angela 3/17/2015 5:38 PM (in response to Mark)

    Hi Mark,

    Thanks so much for the detail. I am going to have my colleague review this and see if she can provide input on it. I hope to report back tomorrow since she is gone for the day now.

  • mbroge
    Mark
    Novice Novice
    Mark 3/17/2015 7:20 PM (in response to Angela)

    You are welcome; I am glad to provide any information that will lead to a solution! I appreciate your assistance.

  • ipicKedawinna
    Angela
    =S= Representative
    Angela 3/18/2015 1:20 PM (in response to Mark)

    Hi Mark,

    We got this working and have some steps that I am going to share with you offline before we turn it into a formal knowledge base article. Could you review them and share what you find? I see a few slight differences in configuration between our setup and yours. I don't have NPS in front of me so I am finding it difficult to follow the order of the screenshots between mine and yours.

  • mbroge
    Mark
    Novice Novice
    Mark 4/13/2015 4:47 PM (in response to Angela)

    It's been some time and I thought I had responded to this thread but evidently not embarassed the steps did not resolve the authentication issue; it is the same result. I am open to any further suggestions.

  • ipicKedawinna
    Angela
    =S= Representative
    Angela 4/15/2015 2:08 PM (in response to Mark)

    I asked my colleague who tested this and created the document I sent to you where we got it working. She suggested doing a packet capture if at all possible or potentially that a port was blocked somewhere. Not sure if you have the capability to try that?

  • StephenN
    Stephen
    New Member New Member
    Stephen 7/1/2015 7:53 AM (in response to Angela)

    Is anybody find answer?

    I use NPS server on Windows 2012 R2.

    In my UPS with NMC2 AP9630 and firmware 5.1.3 all work excelent.

    With NMC2 AP9630 firmware 6.2.1 i recieve that test authentification succesful when add RADIUS server, but logon unsuccesful.

    succesful add RADIUS

    Attachments
  • sava
    Kirill
    New Member New Member
    Kirill 5/25/2017 1:07 PM (in response to Mark)

    Hello,

    I have the same problem with the RADIUS authentication. Did all those steps but it didn't help. We have Smart-UPS RT 5000 XL, UPS Network Management Card 2 APC OS v6.4.6.

    Radius server on Windows Server 2008 R2 Enterprise. When I set "Network connection method" - Vendor specific - 100, I got response: 

    Reason Code: 48
    Reason: The connection request did not match any configured network policy.

    When I change it to Unspecified

    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

    Can you help me? What i did wrong?

  • iNSOMNiA
    Jason
    New Member New Member
    Jason 7/9/2018 8:56 PM (in response to Kirill)

    Not sure if anyone got this working, but, there was one thing I had different on my configuration on NPS. Screenshots below for the vendor specific attributes. 

    Hope this helps someone.

  • Page 1 of 1 (11 items)
Choose your language:  
powered by Communifire
Version 5.2.6420.11692