mhamer
asked on
Radius issue
Hi, struggling to get any user to authenticate.
Basic setup:
Juniper box links to RADIUS server, which links to a Gemalto server.
User connects to Juniper web page, enters their username and password/OTP.
Logs are created on the RADIUS server, so there is traffic.
Event ID 12550
No connection could be made because the target machine actively refused it.
Sys log
Event ID 2, source IAS
Reason code 21
The request was rejected by a third party extension DLL file
(Gemalto does have an agent running for IAS)
I do see comments like Authentication server = undetermined
policy name = undetermined in the event description
ASKER
I am making a copy of our live setup, and that uses different settings to the doc above.
When I configured mine via the doc it worked.
I started putting the settings back one by one, and got to the end and it still worked, so a bit stumped it's working.
The doc uses quite relaxed settings; our live box had everything ticked.
Maybe a cert issue fixed by time and AD propagating?
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for mhamer's comment http:/Q_27429485.html#37106551
for the following reason:
resolved itself unknown reason
Following the documentation, got the thing working.
A "fixed itself" is with nothing being done other than time and reboots.
ASKER
No, following the documentation in terms of setting the encryption to not encrypted and turning off all authentication types gets it working, but not how we want it to work.
I need it to be a copy of our other working box. When using settings from that it fails; we have all authentication types and encryption enabled.
So doing it Gemalto's way got it working, but was of no use to me; I needed it to work our way.
Putting the settings back one by one I would hope to narrow the issue down, but got all the way to the end and it still worked, with our settings in place. Looks more like the user cert hadn't got down to the client when I first tried it.
I am not talking install and configure, just 4 radio buttons (chap ieap etc).
Unfortunately, I do not have eyes on what you have nor what you want to do. All your question has is that you have two pieces of equipment and you want to configure them using radius and the way you have it configured generates an error.
To know what the issue is you have to determine what is causing the rejection, which your error suggests is the third party DLL by IAS.
You can have Juniper/IAS configured?
The data is encrypted between the remote USER and Juniper? Where are you trying to enforce encryption?
ASKER
test rig just took a while to issue user certs, was a new user
Can you make sure that one is working first i.e. authenticate using radius?
Presumably you used this document to configure:
http://www.gemalto.com/dwnld/5242_Gemalto_SAServer_with_Juniper_Integrate_SSL_VPN_tcm120-57381.pdf