This article explains how to log in to the WLC via SSH/Telnet using Windows RADIUS authentication.
Prerequisites:
1. A working Windows NPS server configured in your network.
2. A Windows user group, and a test user with a password, on the Windows NPS server. Make the test user a member of the user group.
3. Two duplicate SSH/Telnet sessions open to the WLC simultaneously (to revert the change).
Steps to configure the WLC:
1. Open an SSH or Telnet session to the WLC.
2. Log in to enable mode.
3. Enter the following commands in the SSH/Telnet window:
   a. set radius server <any-name> address <IP address of Windows radius server> key juniper
   b. set server group radius-group members <the name entered in step a>
   c. set authentication admin ** radius-group
4. Go to the Windows NPS settings.
5. Right-click Radius Client and select New.
6. Enter the following information:
   In the Shared Secret box, enter the key you entered in Step 3, a.
7. You can now use the radping command in the SSH window of the WLC to check whether authentication works between the WLC and the RADIUS server, using the test username you created in Step 2 under Prerequisites above.
   Radping command:
   # radping {server server-name | group servergroup} request authentication user <test username> password <password> auth-type {plain | mschapv2}
8. You should see Received Access-Accept from the server after Radping.
9. Go to the Windows NPS settings, expand Policies, and select Network Policies. Select the policy name, select the Conditions tab, and click Add to add the user group you created in Step 2 under Prerequisites above.
10. Make sure nothing is selected under Network Policies -> Constraints tab -> NAS Port Type.
11. Open a new SSH/Telnet session to the WLC and log in with the test user's username and password.
12. If the above steps do not work, clear the authentication rule as shown below to use local authentication:
    clear authentication admin **
Note: You cannot use the above steps to log in to the Webview of the WLC.
2020-10-10: Archived article.