Tag Archives: Radius

How to find NPS client Radius Shared Secret Key

Overtime we forget things, especially Shared secret radius keys. This is pretty common, and I run into it a lot. For example – lets say a you setup NPS (Network Policy Server) and a Wireless controller for 802.1x auth, or a ASA doing radius authentication years ago. Some how or another that key was lost – no worries, you can get that back from the NPS server itself.

In just a few simple steps you can get that key back. So lets start by opening up NPS and then selecting “Radius Clients and Servers” and dropping down “Radius Clients”

NPS-1

In this example I am using a Ruckus Smartzone – lets say I forget the password. I can just right click on the client and select “Save and apply as Template.

NPS-2

Next we can create a new radius client by right clicking on “Radius Clients” and once the client info pops up to fill in, we will select to create it from the template, and select the template we made.

NPS-3

NPS-4

To see the *** Password, uncheck the box “Select and existing template” and then select the “Generate” Radio button – and bam! there is the PSK.

NPS-5

Ruckus ICX Radius logins

I refer back to these commands a lot and thought they might help someone else. This will allow the Ruckus or Brocade ICX switches to authenticate to a radius server for logins to the device.

aaa authentication web-server default radius local enable
aaa authentication login default radius local enable
aaa authentication login privilege-mode

radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 default key $aWdAblUmc3JuVSY9Z1k= dot1x

A few things to note about this. I am setting the web-server login and SSH logins to use radius, then if radius is not available use local authentication settings.

The login privilege-mode command bypasses the enable password and logs be straight in a privileged.