Discussion stats
  • 8 replies
  • 1369 views
  • 2 kudos
  • 4 in conversation
Announcements

Top Contributors
Reply
Highlighted

ProSafe M4300 sending double RADIUS access-requests

Hi all,

 

I'm setting up RADIUS/AAA using Windows NPS to authenticate users against a domain group, and I'm seeing a weird issue - it's working, but it's crufty. I'm on version 12.0.2.6 if that has any bearing on RADIUS.

 

When I log in via the GUI, the request is sent, and authenticates successfully. No problems there.

 

When I log in via SSH, the request is sent twice:

 

Capture.PNG

- I connect to the switch via SSH.

- I type in my username, and hit return; an "Access-Request" messae is sent the server (for some reason), but because I have not typed in my password yet, it also sends the "User-Password" field as blank. This fails against my network policy in NPS and generates a login error.

- I then type in my password: a second "Access-Request" is sent to the server, but because both my username AND password are present, I receive an "Access-Accept" back.

 

Why is the switch sending two RADIUS Access-Requests? How do I stop this from happening? Is there a setting in AAA I'm missing?

 

All I have right now is this:

 

 aaa authentication login "networkList" radius local

 

RADIUS is working, but it means my syslog is going to flood with "access denied" messages in its current state, which is obviously not optimal. Anyone have any ideas about this?

 

Thanks!

 

-B.R.

Message 1 of 9
Highlighted

Re: ProSafe M4300 sending double RADIUS access-requests

Really? Nobody has any idea? Not even the good support folks that frequent this board? Smiley Sad

Message 2 of 9
Highlighted
Guru

Re: ProSafe M4300 sending double RADIUS access-requests

Not a Netgear support person if you don't mind. Looks like an oddity in the sshd implementation. @LaurentMa - do you have an idea if or when this can be addressed?

Message 3 of 9
Highlighted
NETGEAR Moderator

Re: ProSafe M4300 sending double RADIUS access-requests

Hi @technotechnotec,

 

As far as I have checked, there is no issue logged on the M4300 switch series as per described in your post.  Since the current firmware of your M4300 switch is old, I suggest you to update it to the latest version which is 12.0.4.8 in order to isolate the problem.  You can download firmware v12.0.4.8 here.   

 

Be reminded to perform a factory reset after upgrading the firmware then reconfigure the settings from scratch in order to start clean using the latest firmware version.  Then, check if you will encounter the same problem.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 9
Highlighted
NETGEAR Moderator

Re: ProSafe M4300 sending double RADIUS access-requests

Hi TechnoTechnoTec,

 

Welcome to the community,

 

I'm working on this issue for our ENG team. I'm sorry to have such a  delay in response. I do find this curious. Can I ask some follow up questions? Also I'd like to send you a DM to create a ticket as this could be related to a bug.

 

Follow-up Qs,

 

1. When you connect to SSH to you set up the authentications prior to hitting connect? i.e. admin@<ipaddress>

2. What do you use for SSH access? This is to recreate the environment.

 

 

Thanks,

 

Alex Pendleton

 

 

 

Message 5 of 9
Highlighted

Re: ProSafe M4300 sending double RADIUS access-requests

Thanks for reaching out. I've responded to you via email.

 

For anyone who stumbles across this thread via Google, I promise to update it when I get more detailed answers. Smiley Happy

Message 6 of 9
Highlighted

Re: ProSafe M4300 sending double RADIUS access-requests

Thanks Dane, this has been added to my to do list.

 

I'll update if the firmware update fixes the problem.

 

Thanks!

Message 7 of 9
Highlighted

Re: ProSafe M4300 sending double RADIUS access-requests

Just to update: I tested this on a switch upgraded to 12.0.4.8 and I'm still seeing duplicate requests.

Message 8 of 9
Highlighted

Re: ProSafe M4300 sending double RADIUS access-requests

Shot you a reply to your email. I sent you a PCAP as well. Smiley Happy

Message 9 of 9