Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Issues with first Radius Server

PCI demands we setup 2 factor authentication,  so it has turned into a last minute Radius server setup and no one in our organization has any experience with them.  I think the issue is with who is allowed to log onto what.  Here are the enivronment details.
Active Directory 2003 domain with one 2008 DC
2008 DC has NPS role configured.  192.168.0.24
Radius Client = Bomgar  = 192.168.1.4
support.company.com = our company's address to access bomgar from the public internet

NPS Settings
Policies = default "user windows authentication for all users"

NPS Log shows
"ADC2","IAS",03/28/2014,08:27:42,1,"username","domain.COM/HQ Users/IT/Firstname Lastname",,,,,"support.company.com",,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",0,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

"ADC2","IAS",03/28/2014,08:27:42,3,,"domain.COM/HQ Users/IT/FirstName LastName",,,,,,,,0,"192.168.1.4","Bomgar",,,,,,,1,"Connections to other access servers",66,"311 1 192.168.0.24 03/27/2014 17:21:47 16",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

Bomgar logs show
CHECK_AUTH_RADIUS:INFO>RADIUS server rejected info

My notes:  
NAP-Capable should be off per bomgar
Shared secret is correct on both.  I get a different error message if I change one.
0
Madlife6
Asked:
Madlife6
  • 3
1 Solution
 
MaheshArchitectCommented:
Can you restart NPS service once and check please

Also NPS (Radius) server must be entered some where in your other application as well (Bomgar)

Also check what should be vendor class for application
0
 
Madlife6Author Commented:
I restarted the service and no change.  The RADIUS information is in Bomgar and they are communicating.  I troubleshot various connection issues, bad Shared Secrets, and Bomgar always gave me a "time out" error.  

I also just did a test with a "Fake" username and password and both the NPS logs and Bomgar logs show the same error message as when I use a real username and password.
0
 
Madlife6Author Commented:
This was a dumb move on my part.  I thought the Domain Controllers could talk to Bomgar,  but the new 2008 DC did not have access through the firewall.  I gave this access and it is all set
0
 
Madlife6Author Commented:
I choose my own solution,  because the problem was caused by a stupid error on my part.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now