You attempt to log into a Cisco Prime Network Control System after setting it up with AAA RADIUS authentication with Windows NPS (Network Policy Server) server but receive the following error when you log in with an Active Directory account:
No authorization information found for Remote Authenticated User.
Please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server
It took me awhile to figure this error out because the documentation and forum posts I found with responses wasn’t too clear on what I was missing even though I’ve copied all of the RADIUS Custom Attributes into my policy configured on the NPS. After spending a few hours to finally discover I was missing 1 line in Cisco-AV-Pair attribute values, I thought it would be helpful to blog the configuration.
Navigate to Administrator –> AAA:
Click on the User Groups item on the left then the Task List for the group you want to grant permissions with. For the purpose of this example, we’ll use the Admin group:
You’ll need to first copy all of the RADIUS Custom Attributes into your policy on the NPS server as shown in the following:
The above configuration isn’t complete and if you proceed with trying to log into the Cisco NCS, you would receive the message as shown at the beginning of this post. The configuration that fixes this issue is found by clicking on the here link at the line located at the bottom:
To add custom attributes related to Virtual Domains, please click here.
Note the additional line should be copy and pasted into the attributes as such:
Logging into your NCS with Active Directory accounts authenticated via NPS should work now: