Solved: Radius Connection Issue

Andy_NAG · ‎11-02-2017

setting up Radius Authentication for our corp network.

followed the instruction in terms of NPS but when i test the radius server it fails to connect. it doesnt give out any other error.

i checked the radius server and i have added the AP and went through event logs but i cant find any failures under security logs.

NPS logs doesnt have any record.

i am able to ping the radius server from the subnet i am on.

any other pointers or location i need to check.

Andy_NAG · ‎11-07-2017

its all sorted.

stupidest thing fixed the issue. not really sure how or why its fixed but its fixed.

IT 101 reboot the bloody NPS server.

View solution in original post

Philip D'Ath · ‎11-02-2017

That typically happens when the RADIUS key does not match.

In NPS (at least in Server 2012R2 or better) you can assign a subnet that all clients are in (such as 10.0.0.0/8) and a common key. This makes it easy to leave Meraki devices configured to use DHCP (like access points).

Andy_NAG · ‎11-02-2017

i am running this on Server 2012.

but if its a bad key shouldnt i see it somewhere??

i am using radius only for corp network and the ip's will be forwarded via dhcp from our lan.

Philip D'Ath · ‎11-02-2017

Nope. It logs nothing - nudda - if the key is wrong.

Andy_NAG · ‎11-02-2017

great.

any other possibilities of why this is not working?

daviscot · ‎11-02-2017

@Philip D'Ath is likely correct, the most common issue is a mismatched shared secret between the AP and RADIUS server, but it could sometimes be fat-fingered IP address settings and a UDP port mismatch (make sure it's using 1812 and not some other port like 1645). Any of those things would likely cause radio silence from the RADIUS server.

Andy_NAG · ‎11-02-2017

its definitely 1812 and i have confirmed the password with 2 different people its definetly right.

i am using my account with and without domain prefix and confirmed the password.

my admin account has access to NPS server so i am not sure what else can be wrong.

this is is annoying the living daylights out of me.

daviscot · ‎11-02-2017

Are you using an actual wireless client/supplicant or the "Test" button on the Access Control page in Dashboard? You already ran packet captures and/or ran it by Support to assist with some pcaps? Let's see what is or isn't traversing the AP.

Andy_NAG · ‎11-02-2017

i am doing test via dashboard of meraki

rahulharinair · ‎11-02-2017

Even the ports and shared secret is right, and still you face the issue with connectivity??, then it would be radius server is not allowing the AP which you are trying to connect, there is an option to alloow the MAC address of AP in RADIUS and allow subnet of the AP in the RADIUS.. please ensure both.

Philip D'Ath · ‎11-02-2017

I have had issues with NPS many times where it doesn't log anything to the event viewer, like it should. Enable the option to log to a TXT file. By default it writes it out to:

c:\windows\system32\LogFiles

And the files begin with IN*. As long as the RADIUS secret is correct it will log success and failed responses there. They are a pain to read.

Andy_NAG · ‎11-02-2017

Hi Philip,

i did check that location but i dont see any files with IN. all i see are multiple subfolders but nothing says as radius server related.

Philip D'Ath · ‎11-02-2017

In NPS right click the NPS server and select "properties". Make sure you have ticked to logged accepted and rejected connections.

Andy_NAG · ‎11-02-2017

logs are ticked for authentication success n reject.

iam verifying your other reply

Philip D'Ath · ‎11-02-2017