Solved

Issues with first Radius Server

Posted on 2014-03-28
4
323 Views
Last Modified: 2014-04-07
PCI demands we setup 2 factor authentication,  so it has turned into a last minute Radius server setup and no one in our organization has any experience with them.  I think the issue is with who is allowed to log onto what.  Here are the enivronment details.
Active Directory 2003 domain with one 2008 DC
2008 DC has NPS role configured.  192.168.0.24
Radius Client = Bomgar  = 192.168.1.4
support.company.com = our company's address to access bomgar from the public internet

NPS Settings
Policies = default "user windows authentication for all users"

NPS Log shows
"ADC2","IAS",03/28/2014,08:27:42,1,"username","domain.COM/HQ Users/IT/Firstname Lastname",,,,,"support.company.com",,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",0,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

"ADC2","IAS",03/28/2014,08:27:42,3,,"domain.COM/HQ Users/IT/FirstName LastName",,,,,,,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",66,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

Bomgar logs show
CHECK_AUTH_RADIUS:INFO>RADIUS server rejected info

My notes:  
NAP-Capable should be off per bomgar
Shared secret is correct on both.  I get a different error message if I change one.
0
Comment
Question by:Madlife6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39961463
Can you restart NPS service once and check please

Also NPS (Radius) server must be entered some where in your other application as well (Bomgar)

Also check what should be vendor class for application
0
 

Author Comment

by:Madlife6
ID: 39961571
I restarted the service and no change.  The RADIUS information is in Bomgar and they are communicating.  I troubleshot various connection issues, bad Shared Secrets, and Bomgar always gave me a "time out" error.  

I also just did a test with a "Fake" username and password and both the NPS logs and Bomgar logs show the same error message as when I use a real username and password.
0
 

Accepted Solution

by:
Madlife6 earned 0 total points
ID: 39973030
This was a dumb move on my part.  I thought the Domain Controllers could talk to Bomgar,  but the new 2008 DC did not have access through the firewall.  I gave this access and it is all set
0
 

Author Closing Comment

by:Madlife6
ID: 39982575
I choose my own solution,  because the problem was caused by a stupid error on my part.
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question