I currently have quite a few HP1910 (8G and 16G) and HP 5120 which use RADIUS for SSH logins. The NPS server is 2012R2. The RADIUS authentication works and assigns the correct privilege level.
Recently I got some HP1920 (8G and 16G). However those fail RADIUS authentication with the same settings that work on the 1910. On the 2012R2 server side I can see the user is granted full access successfully however the switch just logs:
SHELL/5/SHELL_LOGINFAIL: SSH user martin failed to log in from 192.168.205.55 on VTY0..
SC/5/SC_AAA_FAILURE: -AAAType=AUTHEN-AAAScheme= radius-scheme system-Service=login-UserName=martin@example; AAA is failed. Common.
SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= radius-scheme system-Service=login-UserName=martin@example; AAA launched.
The relevant switch config from HP1920 (which is the exat same on 1910 switches) is:
radius scheme system
server-type extended
primary authentication 1.1.1.1
key authentication XXXXXXXXXXXXXXXXXXXXXXX
user-name-format without-domain
#
domain example
authentication default radius-scheme system
authorization default radius-scheme system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
domain default enable example
The only notable difference is that 1910 switches run Comware Software, Version 5.20, Release 1513P99
And the 1920 ones are on Comware Software, Version 5.20.99, Release 1112
However I doubt that is the issue.
Thanks,
Martin