Solved

Issues with first Radius Server

Posted on 2014-03-28
Last Modified: 2014-04-07
PCI demands we set up 2 factor authentication, so it has turned into a last-minute Radius server setup and no one in our organization has any experience with them. I think the issue is with who is allowed to log onto what. Here are the environment details.
Active Directory 2003 domain with one 2008 DC
2008 DC has NPS role configured.  192.168.0.24
Radius Client = Bomgar  = 192.168.1.4
support.company.com = our company's address to access bomgar from the public internet

NPS Settings
Policies = default "user windows authentication for all users"

NPS Log shows
"ADC2","IAS",03/28/2014,08:27:42,1,"username","domain.COM/HQ Users/IT/Firstname Lastname",,,,,"support.company.com",,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",0,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

"ADC2","IAS",03/28/2014,08:27:42,3,,"domain.COM/HQ Users/IT/FirstName LastName",,,,,,,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",66,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

Bomgar logs show
CHECK_AUTH_RADIUS:INFO>RADIUS server rejected info

My notes:
NAP-Capable should be off per Bomgar.
Shared secret is correct on both. I get a different error message if I change one.
Question by:Madlife6
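As an added example (not part of the original thread): the two NPS records in the question follow NPS's database-compatible log layout, where column 5 is the packet type, column 24 the authentication type, column 25 the matched network policy and column 26 the reason code. The Python sketch below decodes those columns and lists the rejects; the function names are hypothetical, the code meanings are paraphrased from Microsoft's NPS log documentation, and the sample lines are the question's records truncated after the Class column.

```python
import csv

# Leading columns of NPS's database-compatible log format, in file order.
FIELDS = [
    "ComputerName", "ServiceName", "Record-Date", "Record-Time", "Packet-Type",
    "User-Name", "Fully-Qualified-Distinguished-Name", "Called-Station-ID",
    "Calling-Station-ID", "Callback-Number", "Framed-IP-Address",
    "NAS-Identifier", "NAS-IP-Address", "NAS-Port", "Client-Vendor",
    "Client-IP-Address", "Client-Friendly-Name", "Event-Timestamp",
    "Port-Limit", "NAS-Port-Type", "Connect-Info", "Framed-Protocol",
    "Service-Type", "Authentication-Type", "Policy-Name", "Reason-Code",
]
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject",
                "4": "Accounting-Request", "11": "Access-Challenge"}
AUTH_TYPES = {"1": "PAP", "2": "CHAP", "3": "MS-CHAP", "4": "MS-CHAP v2", "5": "EAP"}
# Paraphrased meanings for a few common reason codes (not the full table).
REASONS = {
    "0": "success",
    "16": "authentication failed: credentials did not match",
    "48": "request matched no configured network policy",
    "66": "authentication method not enabled on the matching network policy",
}
# The question's two records, truncated after the Class column.
SAMPLE = [
    '"ADC2","IAS",03/28/2014,08:27:42,1,"username","domain.COM/HQ Users/IT/Firstname Lastname",,,,,"support.company.com",,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",0,"311 1 192.168.0.24 03/27/2014 17:21:47 16"',
    '"ADC2","IAS",03/28/2014,08:27:42,3,,"domain.COM/HQ Users/IT/FirstName LastName",,,,,,,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",66,"311 1 192.168.0.24 03/27/2014 17:21:47 16"',
]

def decode(line):
    """Map one log line onto named columns and translate the numeric codes."""
    row = next(csv.reader([line]))
    if len(row) < len(FIELDS):
        raise ValueError(f"expected at least {len(FIELDS)} columns, got {len(row)}")
    rec = dict(zip(FIELDS, row))
    rec["Packet-Type"] = PACKET_TYPES.get(rec["Packet-Type"], rec["Packet-Type"])
    rec["Authentication-Type"] = AUTH_TYPES.get(rec["Authentication-Type"], rec["Authentication-Type"])
    rec["Reason"] = REASONS.get(rec["Reason-Code"], "see the NPS reason-code reference")
    return rec

def rejects(lines):
    """Return the troubleshooting-relevant columns of every Access-Reject."""
    keep = ("Record-Time", "Client-Friendly-Name", "Client-IP-Address",
            "Authentication-Type", "Policy-Name", "Reason-Code", "Reason")
    recs = [decode(line) for line in lines if line.strip()]
    return [{k: r[k] for k in keep} for r in recs if r["Packet-Type"] == "Access-Reject"]

if __name__ == "__main__":
    for r in rejects(SAMPLE):
        print(r)
```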
4 Comments
 
Expert Comment

by:Mahesh
ID: 39961463
Can you restart the NPS service once and check, please?

Also, the NPS (Radius) server must be entered somewhere in your other application as well (Bomgar).

Also check what the vendor class should be for the application.
 

Author Comment

by:Madlife6
ID: 39961571
I restarted the service and no change.  The RADIUS information is in Bomgar and they are communicating.  I troubleshot various connection issues, bad Shared Secrets, and Bomgar always gave me a "time out" error.  

I also just did a test with a "Fake" username and password and both the NPS logs and Bomgar logs show the same error message as when I use a real username and password.
 

Accepted Solution

by:Madlife6
ID: 39973030
This was a dumb move on my part. I thought the Domain Controllers could talk to Bomgar, but the new 2008 DC did not have access through the firewall. I gave this access and it is all set.
 

Author Closing Comment

by:Madlife6
ID: 39982575
I chose my own solution because the problem was caused by a stupid error on my part.