Solved

Issues with first Radius Server

Posted on 2014-03-28
4
322 Views
Last Modified: 2014-04-07
PCI demands we setup 2 factor authentication,  so it has turned into a last minute Radius server setup and no one in our organization has any experience with them.  I think the issue is with who is allowed to log onto what.  Here are the enivronment details.
Active Directory 2003 domain with one 2008 DC
2008 DC has NPS role configured.  192.168.0.24
Radius Client = Bomgar  = 192.168.1.4
support.company.com = our company's address to access bomgar from the public internet

NPS Settings
Policies = default "user windows authentication for all users"

NPS Log shows
"ADC2","IAS",03/28/2014,08:27:42,1,"username","domain.COM/HQ Users/IT/Firstname Lastname",,,,,"support.company.com",,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",0,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

"ADC2","IAS",03/28/2014,08:27:42,3,,"domain.COM/HQ Users/IT/FirstName LastName",,,,,,,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",66,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

Bomgar logs show
CHECK_AUTH_RADIUS:INFO>RADIUS server rejected info

My notes:  
NAP-Capable should be off per bomgar
Shared secret is correct on both.  I get a different error message if I change one.
0
Comment
Question by:Madlife6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39961463
Can you restart NPS service once and check please

Also NPS (Radius) server must be entered some where in your other application as well (Bomgar)

Also check what should be vendor class for application
0
 

Author Comment

by:Madlife6
ID: 39961571
I restarted the service and no change.  The RADIUS information is in Bomgar and they are communicating.  I troubleshot various connection issues, bad Shared Secrets, and Bomgar always gave me a "time out" error.  

I also just did a test with a "Fake" username and password and both the NPS logs and Bomgar logs show the same error message as when I use a real username and password.
0
 

Accepted Solution

by:
Madlife6 earned 0 total points
ID: 39973030
This was a dumb move on my part.  I thought the Domain Controllers could talk to Bomgar,  but the new 2008 DC did not have access through the firewall.  I gave this access and it is all set
0
 

Author Closing Comment

by:Madlife6
ID: 39982575
I choose my own solution,  because the problem was caused by a stupid error on my part.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question