mhamer

Radius issue

Hi, struggling to get any user to authenticate.

Basic setup:
Juniper box links to RADIUS server, which links to a Gemalto server.

User connects to the Juniper web page and enters their username and password/OTP.

Logs are created on the RADIUS server, so there is traffic.

Event ID 12550
No connection could be made because the target machine actively refused it.

Sys log
Event ID 2, source IAS
Reason code 21
The request was rejected by a third-party extension DLL file.

(Gemalto does have an agent running for IAS.)

I do see comments like Authentication server = undetermined,
policy name = undetermined in the event description.
arnold

Are you looking to configure the Juniper setup for two-factor authentication?
Can you make sure that one is working first, i.e. authenticate using RADIUS?

Presumably you used this document to configure:
http://www.gemalto.com/dwnld/5242_Gemalto_SAServer_with_Juniper_Integrate_SSL_VPN_tcm120-57381.pdf
mhamer

ASKER

I am making a copy of our live setup, and that uses different settings to the doc above.

When I configured mine via the doc, it worked.

I started putting the settings back one by one, and got to the end and it still worked, so a bit stumped that it's working.

The doc uses quite relaxed settings; our live box had everything ticked.

Maybe a cert issue fixed by time and AD propagating?

mhamer

ASKER

I've requested that this question be closed as follows:

Accepted answer: 0 points for mhamer's comment http:/Q_27429485.html#37106551

for the following reason:

Resolved itself, unknown reason.
Following the documentation, got the thing working.
A fixed itself, is with nothing being done other than time and reboots.
mhamer

ASKER

No, following the documentation in terms of setting the encryption to not encrypted and turning off all authentication types gets it working, but not how we want it to work.

I need it to be a copy of our other working box. When using settings from that, it fails; we have all authentication types and encryption enabled.

So doing it Gemalto's way got it working, but was of no use to me; I needed it to work our way.

Putting the settings back one by one, I would hope to narrow the issue down, but got all the way to the end and it still worked, with our settings in place. Looks more like the user cert hadn't got down to the client when I first tried it.

I am not talking install and configure, just 4 radio buttons (chap ieap etc).

Unfortunately, I do not have eyes on what you have nor what you want to do. All your question has is that you have two pieces of equipment and you want to configure them using radius and the way you have it configured generates an error.

To know what the issue is, you have to determine what is causing the rejection, which your error suggests is the third-party DLL by IAS.

You can have Juniper/IAS configured?

The data is encrypted between the remote USER and Juniper? Where are you trying to enforce encryption?
ASKER CERTIFIED SOLUTION
mhamer

mhamer

ASKER

Test rig just took a while to issue user certs, was a new user.