Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] How to login to the WLC (via SSH & Telnet) using Windows Radius Authentication



Article ID: KB32120 KB Last Updated: 10 Oct 2020Version: 2.0

This ​article explains how to login to the WLC via SSH/Telnet using Windows Radius Authentication.




  1. A working Windows NPS server configured in your network.

  2. A Windows user group and a test user and password in the Windows NPS server. Make that user as a member in the user group.

  3. Two duplicate SSH/Telnet sessions opened for the WLC simultaneously (to revert the change).

Steps to configure the WLC:

  1. Open SSH or Telnet session to the WLC

  2. Login to the enable mode

  3. Enter the following commands in the SSH/Telnet Window:

    1. set radius server <any-name> address <IP address of Windows radius server> key juniper

    2. set server group radius-group members <the name entered in step a>

    3. set authentication admin ** radius-group

  4. Go to the Windows NPS settings.

  5. Right click Radius Client and select New

  6. Enter the following information:

    In the Shared Secret box, enter the key you entered in Step 3, a.

  7. You can now use the Radping command in the SSH window of the WLC to check whether the authentication works between the WLC and Radius server using the test username you have created in Step 2 under ​Prerequisite above.

    Radping command: ​# radping {server server-name | group servergroup} request authentication user <test username> password <password> auth-type {plain | mschapv2}

  8. You should see ​Received Access-Accept from the server after Radping.

  9. Go to the Windows NPS settings and expand Policies and select Network Policies. Select the policy Name, select Conditions tab and click add to add the User group you created in ​Step 2 under ​Prerequisites above.

  10. Make sure you have nothing selected under Network Policies -> Constraints Tab -> NAS Port Type.

  11. Open a new SSH/Telnet session for the WLC and use the test user as the username and password of that test user and login into the WLC.

  12. If the above steps does not work, clear the authentication rule as below to use local authentication:

    Clear authentication admin **

Note: You cannot use the above steps to login into the Webview of the WLC.

Modification History:
2020-10-10: Archived article.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search