none
How to configure Radius Server Proxy using Windows 2008 and Infoblox app

    Question

  • I am attempting to using an Infoblox Appliance as an Radius Client to an Windows 208 Server running NPS, inorder to use Windows User Accounts/Groups for AAA Authentication on a Cisco Router. Any Suggestions?

    On the Infoblox Appliance, I have configured a Home Server, which is my Windows 2008 server running NPS.  On my Windows 2008 Server, I have configured the Infoblox as a Raduis Client as a Raduis Standard device. Finally, my cisco router is configure to use my Infoblox as a radius server.  When I attempt to login into my raduis server, I receive "Access Denied,"  I believe I have a issuse with incorrect configurations being passed between the router and the infoblox.
    Monday, September 14, 2009 2:36 AM

Answers

  • Hi,

    Check events in Event Viewer on NPS. Look under Custom Views\Server Roles\Network Policy and Access Services. There should be an event that tells you why access was denied. If there are no events, then this means the Infoblox appliance isn't passing authentication requests to NPS. In that case, you should check logs on the Infoblox appliance. Did you configure the router as a RADIUS client on the Infoblox appliance? You may need to do this also.

    -Greg

    Tuesday, September 15, 2009 5:45 AM

All replies

  • Hi,

    Check events in Event Viewer on NPS. Look under Custom Views\Server Roles\Network Policy and Access Services. There should be an event that tells you why access was denied. If there are no events, then this means the Infoblox appliance isn't passing authentication requests to NPS. In that case, you should check logs on the Infoblox appliance. Did you configure the router as a RADIUS client on the Infoblox appliance? You may need to do this also.

    -Greg

    Tuesday, September 15, 2009 5:45 AM
  • Sorry to the delay in the response.  I switched to another project for a spell.  With that being said.......

    I don't know why I didn't think to check the events in the first place....duh?

    Lessons Learned So Far:

    1. Where the traffic is coming from. Add the Correct Interface IP as a Raduis Client on the Infoblox appliance and Windows NPS. 
    2. I am receiveing access denied messages,  I am not submitting the correct user/password to and from the Infoblox to the Windows 2008.
    3. If I bypassing the Infoblox appliance, It works fine.

    Any Suggestions?

     

    Wednesday, September 30, 2009 4:37 PM
  • Are you still seeing an issue?

    It seems that you've fixed a problem with the interface IP you configured as a RADIUS client in NPS. You also say that you are now receiving access denied messages when supplying an improper username/password. This seems to be correct behavior. Do you mean you are seeing access denied events in the Event Log? Where are you seeing these messages? What happens when you supply the correct username/password?

    Does the Infoblox appliance have any special configuration settings to make is act as a proper RADIUS proxy? I'm not familiar with the configuration interface of an Infoblox. Does the term "Home Server" refer to a backend RADIUS server in Infoblox terminology?
    Friday, October 02, 2009 1:54 AM
  • Yes, when I put in the correct password, I am still received the access denied message.  I will be starting over this week from scratch using the lessons learned.... Stay tuned!
    Monday, October 05, 2009 5:21 PM