Powered by Jitbit .Net Forum free trial version. dismiss

recent posts recent posts - RSS

3 days ago
Topic:
Aruba WPA-2 Enterprise authentication

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Aruba WPA-2 Enterprise authentication
You must enable Add User-Name to Access-Accept Messages option at TekRADIUS Manager / Settings / Service Parameters when you enable EAP offloading in Aruba controller.
7 days ago
Topic:
Auth Fail requests go to default

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Auth Fail requests go to default
Please apply update at https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip (or https://www.kaplansoft.com/tekradius/release/TekRADIUSLT-Update.zip) and try again.
8 days ago
Topic:
Auth Fail requests go to default

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Auth Fail requests go to default
I'll provide an update in 12 hours
8 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
No, I dont have this in the Ini file
8 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
Admin wrote:
Do you have FailonPasswordFailure parameter in C:\Program Files (x86)\TekRADIUS\TekRADIUS.ini ?



No, do I just need FailonPasswordFailure=1 under servers?
8 days ago
Topic:
Auth Fail requests go to default

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Auth Fail requests go to default
Do you have FailonPasswordFailure parameter in C:\Program Files (x86)\TekRADIUS\TekRADIUS.ini ?
8 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
I have. The attached is the full setting for the Default group.
8 days ago
Topic:
Auth Fail requests go to default

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Auth Fail requests go to default
Have you added Failure-Reply-Type = Accept (Check) to user or group profile?
8 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
Admin wrote:
Can you send me TekRADIUS log entries for such connection attempt?



It looks to be assigning the Vlan but the port doesnt activate. Can you give me an idea what to try next.
8 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
Ah, ok. I found it. I was not applying the settings to the default group. Changed to that and Guest is granted.
8 days ago
Topic:
Auth Fail requests go to default

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Auth Fail requests go to default
Can you send me TekRADIUS log entries for such connection attempt?
8 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
OK, so I tried this before and it woudnt work, I thought I was missing a catchall setting. If an unknown user pluggs in to a port I want them to be sent to Guest Vlan, I have those settings in a group already but rejected requests still dont get to the guest Vlan. Can you explain what I have got wrong please?
10 days ago
Topic:
Auth Fail requests go to default

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Auth Fail requests go to default
Please add Failure-Reply-Type = Accept (Check) to user or group profile and Tunnel-Private-Group-ID = "Guest VLAN Id" as Failure-Reply type attribute to user or group profile.
10 days ago
Topic:
Auth Fail requests go to default

TheBadger
TheBadger
Posts: 13
I am looking for a way to allow failed radius requests go to the guest VLAN rather than just being denied. How can this be achieved using radius.
11 days ago
Topic:
Radius Rejecting Dynamic Vlan Auth Wifi Client

TheBadger
TheBadger
Posts: 13
I just made some changes to the AP and it accepted a connection from my phone and assigned the VLAN, I will test with a few more devices, could have just been a password issue in the end.
Admin wrote:
Hi,

Can you send me a Wireshark trace for this authentication attempt from TekRADIUS installed machine?

Best regards,

Yasin KAPLAN
11 days ago
Topic:
Radius Rejecting Dynamic Vlan Auth Wifi Client

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Radius Rejecting Dynamic Vlan Auth Wifi Client
Hi,

Can you send me a Wireshark trace for this authentication attempt from TekRADIUS installed machine?

Best regards,

Yasin KAPLAN
11 days ago
Topic:
Radius Rejecting Dynamic Vlan Auth Wifi Client

TheBadger
TheBadger
Posts: 13
Hi,

My wired clients are gaining auth and a VLAN perfectly but the same user connecting on wifi gets the following error. Can you give me any insights to what I can try to get the same user auth through wifi.

This is the error on the log
----------------------------------

03.08.2018 10:23:54.731 - RadAuth req. from : 10.10.2.7:46540 [UDP]

Size : 166 / 166
Identifier : 1
Attributes :

Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 8C-85-90-27-DD-83
NAS-Identifier = fcecda40b248
User-Name = 8c859027dd83
Called-Station-Id = FC-EC-DA-40-B2-4A:Entanet
NAS-Port-Type = 19
NAS-IP-Address = 10.10.2.7

03.08.2018 10:23:54.731 - PAP Authentication failed for user '8c859027dd83', User-Password does not match ().

03.08.2018 10:23:54.731 - Authentication failed for user '8c859027dd83'

---------------
attached is the unifi setup page for the wifi
12 days ago
Topic:
Radius Rejecting Dynamic Vlan Auth

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Radius Rejecting Dynamic Vlan Auth
You welcome
12 days ago
Topic:
Radius Rejecting Dynamic Vlan Auth

TheBadger
TheBadger
Posts: 13
That got it.

Many thanks for your help and quick accurate responses.

Steve

Admin wrote:
Try adding User-Password = 0004F2DC0514 as a check attribute. Please not that I have used capitalized MAC address. Please also see https://help.ubnt.com/hc/en-us/articles/115004589707-UniFi-USW-Configuring-Access-Policies-802-1X-for-Wired-Clients
12 days ago
Topic:
Radius Rejecting Dynamic Vlan Auth

Admin
Admin
Administrator
Posts: 4831
Admin
Admin
Administrator
Posts: 4831
Topic: Radius Rejecting Dynamic Vlan Auth
Try adding User-Password = 0004F2DC0514 as a check attribute. Please not that I have used capitalized MAC address. Please also see https://help.ubnt.com/hc/en-us/articles/115004589707-UniFi-USW-Configuring-Access-Policies-802-1X-for-Wired-Clients




Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software