technotechnotec
Apr 04, 2018Guide
ProSafe M4300 sending double RADIUS access-requests
Hi all,
I'm setting up RADIUS/AAA using Windows NPS to authenticate users against a domain group, and I'm seeing a weird issue - it's working, but it's crufty. I'm on version 12.0.2.6 if that has any bearing on RADIUS.
When I log in via the GUI, the request is sent, and authenticates successfully. No problems there.
When I log in via SSH, the request is sent twice:
- I connect to the switch via SSH.
- I type in my username, and hit return; an "Access-Request" message is sent to the server (for some reason), but because I have not typed in my password yet, it also sends the "User-Password" field as blank. This fails against my network policy in NPS and generates a login error.
- I then type in my password: a second "Access-Request" is sent to the server, but because both my username AND password are present, I receive an "Access-Accept" back.
Why is the switch sending two RADIUS Access-Requests? How do I stop this from happening? Is there a setting in AAA I'm missing?
All I have right now is this:
aaa authentication login "networkList" radius local
RADIUS is working, but it means my syslog is going to flood with "access denied" messages in its current state, which is obviously not optimal. Anyone have any ideas about this?
Thanks!
-B.R.
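An added example, not part of the original post: one way to keep the reject-then-accept pairs described above from hiding real login failures in the RADIUS log. The log line format, the 30-second window and the function names are assumptions made for this sketch, not NPS or M4300 output.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, made-up format (not real NPS logs).
SAMPLE = """\
2018-04-04T10:00:01 nas=10.0.0.2 user=alice result=Access-Reject
2018-04-04T10:00:06 nas=10.0.0.2 user=alice result=Access-Accept
2018-04-04T10:05:00 nas=10.0.0.2 user=bob result=Access-Reject
2018-04-04T10:05:03 nas=10.0.0.2 user=bob result=Access-Reject
2018-04-04T10:09:00 nas=10.0.0.3 user=alice result=Access-Reject
"""

def parse(line):
    """Split one constructed log line into (time, nas, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["nas"], kv["user"], kv["result"]

def split_rejects(text, window_s=30):
    """Return (artifact, genuine) lists of Access-Reject events.

    A reject is an artifact when the same NAS and user receive an
    Access-Accept within window_s seconds afterwards (the pattern in the
    post). All other rejects stay visible as genuine failures.
    Caveat: a mistyped password followed by a quick successful retry
    matches the same pattern, so keep the window short.
    """
    events = sorted(parse(l) for l in text.splitlines() if l.strip())
    window = timedelta(seconds=window_s)
    artifact, genuine = [], []
    for i, (ts, nas, user, result) in enumerate(events):
        if result != "Access-Reject":
            continue
        followed = any(
            e[1] == nas and e[2] == user and e[3] == "Access-Accept"
            and e[0] - ts <= window
            for e in events[i + 1:]  # sorted, so these are never earlier
        )
        (artifact if followed else genuine).append((ts.isoformat(), nas, user))
    return artifact, genuine

if __name__ == "__main__":
    noise, real = split_rejects(SAMPLE)
    print("suppressed as SSH double-request noise:", noise)
    print("still worth alerting on:", real)
```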
8 Replies
Really? Nobody has any idea? Not even the good support folks that frequent this board? :(
Not a Netgear support person if you don't mind. Looks like an oddity in the sshd implementation. LaurentMa - do you have an idea if or when this can be addressed?
- AlexPe (NETGEAR Expert)
Hi TechnoTechnoTec,
Welcome to the community,
I'm working on this issue for our ENG team. I'm sorry to have such a delay in response. I do find this curious. Can I ask some follow up questions? Also I'd like to send you a DM to create a ticket as this could be related to a bug.
Follow-up Qs,
1. When you connect to SSH, do you set up the authentications prior to hitting connect? i.e. admin@<ipaddress>
2. What do you use for SSH access? This is to recreate the environment.
Thanks,
Alex Pendleton
Thanks for reaching out. I've responded to you via email.
For anyone who stumbles across this thread via Google, I promise to update it when I get more detailed answers. :)
- DaneA (NETGEAR Employee Retired)
Hi technotechnotec,
As far as I have checked, there is no issue logged on the M4300 switch series as described in your post. Since the current firmware of your M4300 switch is old, I suggest you update it to the latest version, which is 12.0.4.8, in order to isolate the problem. You can download firmware v12.0.4.8 here.
Be reminded to perform a factory reset after upgrading the firmware then reconfigure the settings from scratch in order to start clean using the latest firmware version. Then, check if you will encounter the same problem.
Regards,
DaneA
NETGEAR Community Team
Thanks Dane, this has been added to my to do list.
I'll update if the firmware update fixes the problem.
Thanks!
Just to update: I tested this on a switch upgraded to 12.0.4.8 and I'm still seeing duplicate requests.