Solved

Issues with first Radius Server

Posted on 2014-03-28
4
327 Views
Last Modified: 2014-04-07
PCI demands we setup 2 factor authentication,  so it has turned into a last minute Radius server setup and no one in our organization has any experience with them.  I think the issue is with who is allowed to log onto what.  Here are the enivronment details.
Active Directory 2003 domain with one 2008 DC
2008 DC has NPS role configured.  192.168.0.24
Radius Client = Bomgar  = 192.168.1.4
support.company.com = our company's address to access bomgar from the public internet

NPS Settings
Policies = default "user windows authentication for all users"

NPS Log shows
"ADC2","IAS",03/28/2014,08:27:42,1,"username","domain.COM/HQ Users/IT/Firstname Lastname",,,,,"support.company.com",,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",0,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

"ADC2","IAS",03/28/2014,08:27:42,3,,"domain.COM/HQ Users/IT/FirstName LastName",,,,,,,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",66,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

Bomgar logs show
CHECK_AUTH_RADIUS:INFO>RADIUS server rejected info

My notes:  
NAP-Capable should be off per bomgar
Shared secret is correct on both.  I get a different error message if I change one.
0
Comment
Question by:Madlife6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39961463
Can you restart NPS service once and check please

Also NPS (Radius) server must be entered some where in your other application as well (Bomgar)

Also check what should be vendor class for application
0
 

Author Comment

by:Madlife6
ID: 39961571
I restarted the service and no change.  The RADIUS information is in Bomgar and they are communicating.  I troubleshot various connection issues, bad Shared Secrets, and Bomgar always gave me a "time out" error.  

I also just did a test with a "Fake" username and password and both the NPS logs and Bomgar logs show the same error message as when I use a real username and password.
0
 

Accepted Solution

by:
Madlife6 earned 0 total points
ID: 39973030
This was a dumb move on my part.  I thought the Domain Controllers could talk to Bomgar,  but the new 2008 DC did not have access through the firewall.  I gave this access and it is all set
0
 

Author Closing Comment

by:Madlife6
ID: 39982575
I choose my own solution,  because the problem was caused by a stupid error on my part.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question