- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: ProSafe M4300 sending double RADIUS access-requests
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ProSafe M4300 sending double RADIUS access-requests
Hi all,
I'm setting up RADIUS/AAA using Windows NPS to authenticate users against a domain group, and I'm seeing a weird issue - it's working, but it's crufty. I'm on version 12.0.2.6 if that has any bearing on RADIUS.
When I log in via the GUI, the request is sent, and authenticates successfully. No problems there.
When I log in via SSH, the request is sent twice:
- I connect to the switch via SSH.
- I type in my username, and hit return; an "Access-Request" messae is sent the server (for some reason), but because I have not typed in my password yet, it also sends the "User-Password" field as blank. This fails against my network policy in NPS and generates a login error.
- I then type in my password: a second "Access-Request" is sent to the server, but because both my username AND password are present, I receive an "Access-Accept" back.
Why is the switch sending two RADIUS Access-Requests? How do I stop this from happening? Is there a setting in AAA I'm missing?
All I have right now is this:
aaa authentication login "networkList" radius local
RADIUS is working, but it means my syslog is going to flood with "access denied" messages in its current state, which is obviously not optimal. Anyone have any ideas about this?
Thanks!
-B.R.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Really? Nobody has any idea? Not even the good support folks that frequent this board? 😞
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Not a Netgear support person if you don't mind. Looks like an oddity in the sshd implementation. @LaurentMa - do you have an idea if or when this can be addressed?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Hi @technotechnotec,
As far as I have checked, there is no issue logged on the M4300 switch series as per described in your post. Since the current firmware of your M4300 switch is old, I suggest you to update it to the latest version which is 12.0.4.8 in order to isolate the problem. You can download firmware v12.0.4.8 here.
Be reminded to perform a factory reset after upgrading the firmware then reconfigure the settings from scratch in order to start clean using the latest firmware version. Then, check if you will encounter the same problem.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Hi TechnoTechnoTec,
Welcome to the community,
I'm working on this issue for our ENG team. I'm sorry to have such a delay in response. I do find this curious. Can I ask some follow up questions? Also I'd like to send you a DM to create a ticket as this could be related to a bug.
Follow-up Qs,
1. When you connect to SSH to you set up the authentications prior to hitting connect? i.e. admin@<ipaddress>
2. What do you use for SSH access? This is to recreate the environment.
Thanks,
Alex Pendleton
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Thanks for reaching out. I've responded to you via email.
For anyone who stumbles across this thread via Google, I promise to update it when I get more detailed answers. 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Thanks Dane, this has been added to my to do list.
I'll update if the firmware update fixes the problem.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Just to update: I tested this on a switch upgraded to 12.0.4.8 and I'm still seeing duplicate requests.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ProSafe M4300 sending double RADIUS access-requests
Shot you a reply to your email. I sent you a PCAP as well. 🙂