Discussion:
How to config NPS to be a RADIUS Server for cisco switches.
(too old to reply)
Roy Davis
2008-06-02 21:24:00 UTC
Permalink
I have found all kinds of info about the New NPS and NAP but not a single
item out there that really tells you anything about how to configure Server
2008 to be a RADIUS Server for Cisco Switches. I am replacing my old 2003
servers with 2008 and have IAS running on the 2003 servers to be a RADIUS
Server for the cisco switches. Of course Microsoft could not make things
easy for us and provide a way of exporting and importing our settings. There
was mention of upgrading the old server to accomplish this but that defeats
the ability of a clean install of everything.

So, all I want to know is how do I configure server 2008 to be a RADIUS
Server for my cisco switches. I need beyond installing the services.

Thanks
James McIllece [MS]
2008-06-03 17:59:23 UTC
Permalink
Post by Roy Davis
I have found all kinds of info about the New NPS and NAP but not a
single item out there that really tells you anything about how to
configure Server 2008 to be a RADIUS Server for Cisco Switches. I am
replacing my old 2003 servers with 2008 and have IAS running on the
2003 servers to be a RADIUS Server for the cisco switches. Of course
Microsoft could not make things easy for us and provide a way of
exporting and importing our settings. There was mention of upgrading
the old server to accomplish this but that defeats the ability of a
clean install of everything.
So, all I want to know is how do I configure server 2008 to be a
RADIUS Server for my cisco switches. I need beyond installing the
services.
Thanks
Hi there --

Please see the NPS Help topic "Checklist: Configure NPS for 802.1X
Authenticating Switch Access"

This is on your local WS08 computer after you have installed NPS, and it is
also available on the Internet at
http://technet2.microsoft.com/windowsserver2008/en/library/b607dabd-8eca-
41ab-9953-ea2941a901541033.mspx

For information on deploying NAP with your switch, see "Checklist:
Configure NAP Enforcement for 802.1X Wired." This is in the NPS Help also
and is on the Internet at
http://technet2.microsoft.com/windowsserver2008/en/library/8e55565b-7794-
4d69-ba65-f0ea49fcc90a1033.mspx

For any Cisco-required/specific settings, please see your Cisco
documentation.
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Roy Davis
2008-06-04 15:59:02 UTC
Permalink
This still does not seem to help. The RADIUS server on 2003 still works but
not on 2008. All of the settings appear to be the same between the 2 systems
but it does not authenticate on 2008. Looking at the logs you can
deffinately see differences, on the 2008 it never makes it past the first
stage.
Post by James McIllece [MS]
Post by Roy Davis
I have found all kinds of info about the New NPS and NAP but not a
single item out there that really tells you anything about how to
configure Server 2008 to be a RADIUS Server for Cisco Switches. I am
replacing my old 2003 servers with 2008 and have IAS running on the
2003 servers to be a RADIUS Server for the cisco switches. Of course
Microsoft could not make things easy for us and provide a way of
exporting and importing our settings. There was mention of upgrading
the old server to accomplish this but that defeats the ability of a
clean install of everything.
So, all I want to know is how do I configure server 2008 to be a
RADIUS Server for my cisco switches. I need beyond installing the
services.
Thanks
Hi there --
Please see the NPS Help topic "Checklist: Configure NPS for 802.1X
Authenticating Switch Access"
This is on your local WS08 computer after you have installed NPS, and it is
also available on the Internet at
http://technet2.microsoft.com/windowsserver2008/en/library/b607dabd-8eca-
41ab-9953-ea2941a901541033.mspx
Configure NAP Enforcement for 802.1X Wired." This is in the NPS Help also
and is on the Internet at
http://technet2.microsoft.com/windowsserver2008/en/library/8e55565b-7794-
4d69-ba65-f0ea49fcc90a1033.mspx
For any Cisco-required/specific settings, please see your Cisco
documentation.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
S. Pidgorny <MVP>
2008-06-03 11:37:04 UTC
Permalink
You can upgrade and backup/export NPS configuration can't you?

http://technet2.microsoft.com/WindowsServer2008/en/library/bc5ff492-679b-4b05-a4d6-36951aec73321033.mspx

Do that, then clean install... I was wondering why almost everybody believes
that their old OS installations are somewhat sirty?
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Post by Roy Davis
I have found all kinds of info about the New NPS and NAP but not a single
item out there that really tells you anything about how to configure Server
2008 to be a RADIUS Server for Cisco Switches. I am replacing my old 2003
servers with 2008 and have IAS running on the 2003 servers to be a RADIUS
Server for the cisco switches. Of course Microsoft could not make things
easy for us and provide a way of exporting and importing our settings.
There
was mention of upgrading the old server to accomplish this but that defeats
the ability of a clean install of everything.
So, all I want to know is how do I configure server 2008 to be a RADIUS
Server for my cisco switches. I need beyond installing the services.
Thanks
Roy Davis
2008-06-04 15:56:00 UTC
Permalink
That is a lot of work just to be able to get the RADIUS settings into server
2008. We are phasing out the old hardware and installing new hardware. Also
is it going to work for sure 100%, if not than we have just gone through all
of that work and now cannot log into a couple hundred switches.

Why can't MS come up with better solutions than the one you are giving.
When designing the new way of doing things why didn't someone think to build
in a method to import from what would now be the old version?
Post by S. Pidgorny <MVP>
You can upgrade and backup/export NPS configuration can't you?
http://technet2.microsoft.com/WindowsServer2008/en/library/bc5ff492-679b-4b05-a4d6-36951aec73321033.mspx
Do that, then clean install... I was wondering why almost everybody believes
that their old OS installations are somewhat sirty?
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Post by Roy Davis
I have found all kinds of info about the New NPS and NAP but not a single
item out there that really tells you anything about how to configure Server
2008 to be a RADIUS Server for Cisco Switches. I am replacing my old 2003
servers with 2008 and have IAS running on the 2003 servers to be a RADIUS
Server for the cisco switches. Of course Microsoft could not make things
easy for us and provide a way of exporting and importing our settings.
There
was mention of upgrading the old server to accomplish this but that defeats
the ability of a clean install of everything.
So, all I want to know is how do I configure server 2008 to be a RADIUS
Server for my cisco switches. I need beyond installing the services.
Thanks
S. Pidgorny <MVP>
2008-06-05 12:21:53 UTC
Permalink
I don't have the answers as to the MS's motives. Yet I wouldn't say that the
in-place upgrade is a lot of work. Of course direct import would be more
convenient.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Post by Roy Davis
That is a lot of work just to be able to get the RADIUS settings into server
2008. We are phasing out the old hardware and installing new hardware.
Also
is it going to work for sure 100%, if not than we have just gone through all
of that work and now cannot log into a couple hundred switches.
Why can't MS come up with better solutions than the one you are giving.
When designing the new way of doing things why didn't someone think to build
in a method to import from what would now be the old version?
Post by S. Pidgorny <MVP>
You can upgrade and backup/export NPS configuration can't you?
http://technet2.microsoft.com/WindowsServer2008/en/library/bc5ff492-679b-4b05-a4d6-36951aec73321033.mspx
Do that, then clean install... I was wondering why almost everybody believes
that their old OS installations are somewhat sirty?
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Post by Roy Davis
I have found all kinds of info about the New NPS and NAP but not a single
item out there that really tells you anything about how to configure Server
2008 to be a RADIUS Server for Cisco Switches. I am replacing my old 2003
servers with 2008 and have IAS running on the 2003 servers to be a RADIUS
Server for the cisco switches. Of course Microsoft could not make things
easy for us and provide a way of exporting and importing our settings.
There
was mention of upgrading the old server to accomplish this but that defeats
the ability of a clean install of everything.
So, all I want to know is how do I configure server 2008 to be a RADIUS
Server for my cisco switches. I need beyond installing the services.
Thanks
James McIllece [MS]
2008-06-05 19:12:44 UTC
Permalink
Post by S. Pidgorny <MVP>
You can upgrade and backup/export NPS configuration can't you?
http://technet2.microsoft.com/WindowsServer2008/en/library/bc5ff492-679
b-4b05-a4d6-36951aec73321033.mspx
Do that, then clean install... I was wondering why almost everybody
believes that their old OS installations are somewhat sirty?
Unfortunately this export-import configuration process does not work
between IAS servers in Windows Server 2003 and NPS servers in Windows
Server 2008, so doing this is not possible in this circumstance. NPS
servers cannot import IAS server configurations at this time.

The NPS product team is aware of this issue, however.
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
rosspcs
2008-06-12 13:42:16 UTC
Permalink
I have the same issue, works like a charm on 2003 but there is something not
quite correct for NPS with Cisco, is there anyway to turn up the logging
Level ?
Post by James McIllece [MS]
Post by S. Pidgorny <MVP>
You can upgrade and backup/export NPS configuration can't you?
http://technet2.microsoft.com/WindowsServer2008/en/library/bc5ff492-679
b-4b05-a4d6-36951aec73321033.mspx
Do that, then clean install... I was wondering why almost everybody
believes that their old OS installations are somewhat sirty?
Unfortunately this export-import configuration process does not work
between IAS servers in Windows Server 2003 and NPS servers in Windows
Server 2008, so doing this is not possible in this circumstance. NPS
servers cannot import IAS server configurations at this time.
The NPS product team is aware of this issue, however.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Roy Davis
2008-06-12 20:24:01 UTC
Permalink
So we did the whole upgrade from 2003 to 2008. Go figure, it doesn't work,
it does not even show up in the NPS console and of course there is no longer
an IAS console. Fancy That.

So, now what, I guess it just is not going to work. One more strike for
microsoft.
Post by S. Pidgorny <MVP>
You can upgrade and backup/export NPS configuration can't you?
http://technet2.microsoft.com/WindowsServer2008/en/library/bc5ff492-679b-4b05-a4d6-36951aec73321033.mspx
Do that, then clean install... I was wondering why almost everybody believes
that their old OS installations are somewhat sirty?
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
Post by Roy Davis
I have found all kinds of info about the New NPS and NAP but not a single
item out there that really tells you anything about how to configure Server
2008 to be a RADIUS Server for Cisco Switches. I am replacing my old 2003
servers with 2008 and have IAS running on the 2003 servers to be a RADIUS
Server for the cisco switches. Of course Microsoft could not make things
easy for us and provide a way of exporting and importing our settings.
There
was mention of upgrading the old server to accomplish this but that defeats
the ability of a clean install of everything.
So, all I want to know is how do I configure server 2008 to be a RADIUS
Server for my cisco switches. I need beyond installing the services.
Thanks
Loading...