Powered by Jitbit .Net Forum free trial version. dismiss

HomeGeneral

General issues

Radius Rejecting Dynamic Vlan Auth Messages in this topic - RSS

TheBadger
TheBadger
Posts: 13


2.08.2018
TheBadger
TheBadger
Posts: 13
Hi,

I have just configured TekRadius and have my test client configured, the log shows the following rejection
---------------------------------------------------------------------------------------------------------------

02.08.2018 20:04:37.772 - RadAuth req. from : 10.10.2.8:60897 [UDP]

Size : 191 / 191
Identifier : 138
Attributes :

NAS-IP-Address = 10.10.2.8
Calling-Station-Id = 00-04-F2-DC-05-14
Called-Station-Id = 78-8A-20-BF-EA-B2
NAS-Port = 30
NAS-Identifier = 78-8A-20-BF-EA-B1
State = 699ba3569d56a4ccb8a9d13cf8693fd7
Framed-MTU = 1500
NAS-Port-Type = 15
User-Name = 0004f2dc0514

02.08.2018 20:04:37.772 - EAP-MD5 Authentication commencing for user '0004f2dc0514' [0 (138)]

02.08.2018 20:04:37.772 - CHAP authentication commencing for user '0004f2dc0514' (Group: Vlan 210).

02.08.2018 20:04:37.772 - CHAP authentication failed for user '0004f2dc0514' (Group: Vlan 210).

02.08.2018 20:04:37.772 - Authentication failed for user '0004f2dc0514', CHAP authentication failed [1113]

---------------------------------------------------------------------------------------------------------------

The client device is a Ubiquiti Switch

Any pointers would be a big help.
0 link
Admin
Admin
Administrator
Posts: 4880


2.08.2018
Admin
Admin
Administrator
Posts: 4880
Hi,

Please check shared secret configured for 10.10.2.8 in TekRADIUS Manager / Clients tab matches with the one in Ubiquiti Switch


Best regards,


Yasin KAPLAN
0 link
TheBadger
TheBadger
Posts: 13


2.08.2018
TheBadger
TheBadger
Posts: 13
Hi,

Just double checked and its the same Secret on both!

Steve

Admin wrote:
Hi,

Please check shared secret configured for 10.10.2.8 in TekRADIUS Manager / Clients tab matches with the one in Ubiquiti Switch


Best regards,


Yasin KAPLAN
0 link
Admin
Admin
Administrator
Posts: 4880


2.08.2018
Admin
Admin
Administrator
Posts: 4880
What do you enter as password? Please try 0004f2dc0514 if you implement MAC authentication.
0 link
TheBadger
TheBadger
Posts: 13


2.08.2018
TheBadger
TheBadger
Posts: 13
I have attached an image of the user config showing the setup, would I add an atribute to enter the password? To be clear 0004f2dc0514 is a device plugged into the switch asking for auth


Admin wrote:
What do you enter as password? Please try 0004f2dc0514 if you implement MAC authentication.


0 link
Admin
Admin
Administrator
Posts: 4880


2.08.2018
Admin
Admin
Administrator
Posts: 4880
Try adding User-Password = 0004F2DC0514 as a check attribute. Please not that I have used capitalized MAC address. Please also see https://help.ubnt.com/hc/en-us/articles/115004589707-UniFi-USW-Configuring-Access-Policies-802-1X-for-Wired-Clients
0 link
TheBadger
TheBadger
Posts: 13


2.08.2018
TheBadger
TheBadger
Posts: 13
That got it.

Many thanks for your help and quick accurate responses.

Steve

Admin wrote:
Try adding User-Password = 0004F2DC0514 as a check attribute. Please not that I have used capitalized MAC address. Please also see https://help.ubnt.com/hc/en-us/articles/115004589707-UniFi-USW-Configuring-Access-Policies-802-1X-for-Wired-Clients
0 link
Admin
Admin
Administrator
Posts: 4880


2.08.2018
Admin
Admin
Administrator
Posts: 4880
You welcome
0 link






Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software