Marko Tarvainen
asked on
Radius problem with Ruckus ZD1100 with MS2008 R2
Hello,
I had big problems with Radius authentication with Ruckus ZD1100 and Server 2008r2 NPS
Ruckus told everytime username and password is wrong. With AD authentication same credetials works fine. Event Viewer wont show any errors. Ruckus diagnostics shows log.
I just tested same Ruckus with my own test virtual server, radius works fine. I had checked setting couples time from test server to working server are same.
Jul 16 13:08:05 domain syslog: authd_radius_recv_auth_res p():Reply message: ()
Jul 16 13:08:05 domain syslog: authd_radius_recv_auth_res p():RADIUS status code 3
Jul 16 13:08:05 domain syslog: radius_client_receive(): received radius packet matched with pending request from AVD6HU31j5, round trip time 0.00 sec
Jul 16 13:08:05 domain syslog: radius_client_receive():re ceived 20 bytes from radius server
Jul 16 13:08:05 domain syslog: radius_client_thread():han dle radius_event on sock=11
Jul 16 13:08:05 domain syslog: authd_radius_handle_auth_r eq():RADIU S authentication req sent
Jul 16 13:08:05 domain syslog: radius_client_send():sendi ng radius message to authentication, sock=11, id=14
Jul 16 13:08:05 domain syslog: authd_fill_framed_ip():fra med ip is
Jul 16 13:08:05 domain syslog: authd_fill_nas_ip():ipv4 nas addr value is a0a0050
Jul 16 13:08:05 domain syslog: authd_radius_prepare_radiu s_message( ):auth algorithm=0
Jul 16 13:08:05 domain syslog: authd_radius_prepare_radiu s_message( ):username =sami
Jul 16 13:08:05 domain syslog: authd_radius_handle_auth_r eq():web test backup radius with primary server
Jul 16 13:08:05 domain syslog: authd_radius_recv_auth_req ():recived msg from module 12, len = 1644, id = 0x0c000001
Jul 16 13:08:05 domain syslog: radius_client_thread():han dle radius_event on sock=12
Jul 16 13:08:05 domain syslog: authd_req_radius():test server [primary]
Jul 16 13:08:05 domain syslog: authd_req_radius():framed_ ip_address is []
I had big problems with Radius authentication with Ruckus ZD1100 and Server 2008r2 NPS
Ruckus told everytime username and password is wrong. With AD authentication same credetials works fine. Event Viewer wont show any errors. Ruckus diagnostics shows log.
I just tested same Ruckus with my own test virtual server, radius works fine. I had checked setting couples time from test server to working server are same.
Jul 16 13:08:05 domain syslog: authd_radius_recv_auth_res
Jul 16 13:08:05 domain syslog: authd_radius_recv_auth_res
Jul 16 13:08:05 domain syslog: radius_client_receive(): received radius packet matched with pending request from AVD6HU31j5, round trip time 0.00 sec
Jul 16 13:08:05 domain syslog: radius_client_receive():re
Jul 16 13:08:05 domain syslog: radius_client_thread():han
Jul 16 13:08:05 domain syslog: authd_radius_handle_auth_r
Jul 16 13:08:05 domain syslog: radius_client_send():sendi
Jul 16 13:08:05 domain syslog: authd_fill_framed_ip():fra
Jul 16 13:08:05 domain syslog: authd_fill_nas_ip():ipv4 nas addr value is a0a0050
Jul 16 13:08:05 domain syslog: authd_radius_prepare_radiu
Jul 16 13:08:05 domain syslog: authd_radius_prepare_radiu
Jul 16 13:08:05 domain syslog: authd_radius_handle_auth_r
Jul 16 13:08:05 domain syslog: authd_radius_recv_auth_req
Jul 16 13:08:05 domain syslog: radius_client_thread():han
Jul 16 13:08:05 domain syslog: authd_req_radius():test server [primary]
Jul 16 13:08:05 domain syslog: authd_req_radius():framed_
Is the shared-secret between the Ruckus and NPS correct?
ASKER
Yes, I have tried to change that also to one with only letters, didn't help
But if you point the Ruckus to a test VM it works?
ASKER
Tried with just installed Windows 2008R2 VM and it worked with same settings, with the original 2008R2 it doesn't work
Is the NPS authorized to read AD accounts?
ASKER
Yes it is
Firewall allowing ports 1645,1646,1812,1813?
ASKER
Firewall is off from server
I'd remove the NPS role and reinstall.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Removing NPS wasn't an option. So tried with new server