Problem
You attempt to log into a Cisco Prime Network Control System (NCS) after configuring it for AAA RADIUS authentication against a Windows NPS (Network Policy Server), but you receive the following error when you log in with an Active Directory account:
No authorization information found for Remote Authenticated User.
Please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server
Solution
It took me a while to figure this error out because the documentation and forum posts I found with responses weren’t too clear on what I was missing even though I’ve copied all of the RADIUS Custom Attributes into my policy configured on the NPS. After spending a few hours to finally discover I was missing 1 line in the Cisco-AV-Pair attribute values, I thought it would be helpful to blog the configuration.
Navigate to Administrator –> AAA:
Click on the User Groups item on the left, then the Task List for the group you want to grant permissions to. For the purpose of this example, we’ll use the Admin group:
You’ll need to first copy all of the RADIUS Custom Attributes into your policy on the NPS server as shown in the following:
The above configuration isn’t complete; if you try to log into the Cisco NCS at this point, you will receive the message shown at the beginning of this post. The configuration that fixes this issue is found by clicking the here link in the line at the bottom:
To add custom attributes related to Virtual Domains, please click here.
Note that the additional line should be copied and pasted into the attributes as such:
Logging into your NCS with Active Directory accounts authenticated via NPS should work now:
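A small check for the mistake described above, as an added example that is not part of the original post: it lints a list of Cisco-AV-Pair values before they are pasted into the NPS policy and reports a missing Virtual Domain line. The `NCS:role0=`, `NCS:task0=` and `NCS:virtual-domain0=` naming is assumed from what the NCS Task List page displays, the sample values are constructed, and the contiguous-index rule is a lint heuristic of this example rather than documented NCS behaviour.

```python
import re

# Assumed attribute shape: NCS:<kind><index>=<value>
PAIR = re.compile(r"^NCS:(role|task|virtual-domain)(\d+)=(.+)$")

# Constructed sample values; copy the real list from the NCS Task List page.
INCOMPLETE = [
    "NCS:role0=Admin",
    "NCS:task0=Example Task A",
    "NCS:task1=Example Task B",
]
COMPLETE = INCOMPLETE + ["NCS:virtual-domain0=ROOT-DOMAIN"]


def lint_av_pairs(lines):
    """Return a list of problems found in a set of Cisco-AV-Pair values."""
    problems = []
    seen = {"role": {}, "task": {}, "virtual-domain": {}}
    for raw in lines:
        value = raw.strip()  # pasted values often carry stray whitespace
        if not value:
            continue
        m = PAIR.match(value)
        if not m:
            problems.append(f"unrecognised value: {value!r}")
            continue
        kind, index = m.group(1), int(m.group(2))
        if index in seen[kind]:
            problems.append(f"duplicate index: {kind}{index}")
        seen[kind][index] = m.group(3)
    # Without a role or a Virtual Domain the login has no authorization data.
    for kind in ("role", "virtual-domain"):
        if not seen[kind]:
            problems.append(f"missing NCS:{kind}0 line")
    # Heuristic: indexes should run 0..n-1; a gap suggests a dropped line.
    for kind, entries in seen.items():
        if entries and set(entries) != set(range(len(entries))):
            problems.append(f"{kind} indexes not contiguous from 0")
    return problems


if __name__ == "__main__":
    for name, pairs in (("incomplete", INCOMPLETE), ("complete", COMPLETE)):
        print(name, lint_av_pairs(pairs) or "OK")
```

Because these values decide what the remote user is authorized to do, running the check per group also makes it easy to review that each NPS policy grants only the role and domain intended.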
11 comments:
Blah Blah Blah you are a real piece of work.
Worked like a charm! Thanks!
Saved my day, thanks!
Wish I found your post faster, thank you VERY much!
Only the first 2 lines are mandatory in Prime 2.0.
Thanks, this worked for TACACS too!
Thanks so much!!!
Thanks! Fixed TACACS for me also.
Where do I find the best radius manager billing system because other radius billing system but it's not good for me.
You rock! Thanks so much. Docs from Cisco wont clear.
Also see this post http://www.wificert.org/cisco-prime-ad-login/