Monday, February 6, 2017

Use MS NPS as RADIUS Server for Network Devices

It is now common to see MS NPS deployed as the RADIUS server for network device authentication. It is fairly easy to deploy; you mostly just follow the prompts to complete the configuration. However, in some cases the required RADIUS attributes are not easy to find in any of the vendor documentation, and even though MS NPS shows that authentication was successful, users still cannot log in to these network devices.

Junos Space
1. Follow the instructions at this link to complete the Junos Space remote profile configuration: https://www.juniper.net/documentation/en_US/junos-space16.1/platform/topics/task/configuration/remote-profile-creating.html

2. Follow the standard process to configure the NPS network policy, but add a Vendor Specific attribute on the Settings page.

3. Configure the vendor code: 2363.

4. Configure Vendor-assigned attribute number: 11, Attribute format: String, Attribute value: <Junos Space Remote Profile Name>.

ASA
It is easy to set up an admin user for the ASA in MS NPS; however, a read-only user requires specific RADIUS attributes as well.

1. Follow the standard process to configure the NPS network policy, but add a Vendor Specific attribute on the Settings page.

2. Configure the vendor code: 3076.

3. Configure Vendor-assigned attribute number: 220, Attribute format: Decimal, Attribute value: 5.
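
To check that NPS really returns these attributes when a login still fails, the following added example (not part of the original post) encodes and parses RADIUS Vendor-Specific attributes (type 26, RFC 2865) using the vendor codes and attribute numbers from the Junos Space and ASA steps above. The profile name `NetOps-Profile` and the sample packets are constructed, and the packets use a zeroed authenticator.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type for Vendor-Specific
ACCESS_ACCEPT = 2     # RADIUS packet code for Access-Accept

def encode_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute; int values become 4-byte big-endian."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub

def parse_vsas(packet):
    """Return [(vendor_id, vendor_type, raw_value)] found in a RADIUS packet."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        body = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(body) >= 6:
            vendor_id = struct.unpack("!I", body[:4])[0]
            sub = body[4:]
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                found.append((vendor_id, sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
        pos += alen
    return found

def build_accept(attrs, ident=1):
    """Constructed Access-Accept with a zeroed authenticator (sample data only)."""
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body)) + bytes(16) + body

def missing_vsa(packet, vendor_id, vendor_type):
    """True when the reply lacks the VSA the device expects."""
    return not any(v == vendor_id and t == vendor_type for v, t, _ in parse_vsas(packet))

# Constructed samples using the vendor codes and attribute numbers from the steps above.
SPACE_REPLY = build_accept([encode_vsa(2363, 11, "NetOps-Profile")])  # hypothetical profile name
ASA_REPLY = build_accept([encode_vsa(3076, 220, 5)])
BARE_REPLY = build_accept([])  # accept with no VSA: the case where NPS shows success

if __name__ == "__main__":
    for name, pkt in [("space", SPACE_REPLY), ("asa", ASA_REPLY), ("bare", BARE_REPLY)]:
        print(name, parse_vsas(pkt), "missing ASA VSA:", missing_vsa(pkt, 3076, 220))
```

Feed `parse_vsas` the UDP payload of an Access-Accept taken from a packet capture on the NPS server, and compare the decoded vendor ID and attribute number with the device vendor's RADIUS dictionary.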


 

