08-31-2021 10:37 AM
Good morning, I am using a Cisco RV340 router,
I am getting the following error
<error>charon: pam_radius_auth: No RADIUS server found in configuration file /etc/raddb/server
With the Running Configuration I do not have any setup on the Radius user setting
This happened when I was testing a Radius server setting in User Account. However I messed up and I have to go revert to a startup configuration that didn't have that Radius user setting. After when I do IKEV2 VPN I get that error, how do I get back to a previous state. Thanks for any help/
Solved! Go to Solution.
08-31-2021 03:14 PM
Hi
>>>>After when I do IKEV2 VPN I get that error, how do I get back to a previous state. Thanks for any help
1. You must have created/configured either (or both)
- a Site-to-Site VPN Tunnel entry (under VPN/Site-to-Site in GUI), using IKEv2 & enabled Extended-Authentication
- a Client-to-Site (C2S) VPN server for IKEv2 and enabled Extended-Authentication in this server profile/entry
2. Just FYI and reference, When you use IKEv2 and you enable Extended-Authentication, EAP-authentication will be configured for the vpn-tunnel/vpn-server, and EAP means that Radius-server has to be enabled/configured in "System-Mgmnt/User-Accounts GUI page"
So to "revert" back, you need to simply do this below in your present running-config and then apply, and then do a permanent-save to startup-config
1. If its a existing active S2S tunnel in which you have enabled extended-auth, then please "disable/uncheck" the extended-auth setting and do a "Apply and also a permanent-save to startup-config"
- Optionally, you may or may-not "delete" the Radius-server entry in "User-Accounts" page
2. If its a new/experimental S2S tunnel entry with extended-auth enabled, then simply "delete" the entry/tunnel AND do a "Apply and a permanent-save to startup-config"
- Optionally, you may or may-not "delete" the Radius-server entry in "User-Accounts" page
3. If its a C2S(client-to-site) server profile you have created for IKEv2 clients, simply delete this entry and do a "Apply and permanent-save to startup-config"
- Optionally, you may or may-not "delete" the Radius-server entry in "User-Accounts" page
- if you want to you can always create another C2S server profile/entry for IKEv2 clients without the extended-auth enabled later and test it.
08-31-2021 03:14 PM
Hi
>>>>After when I do IKEV2 VPN I get that error, how do I get back to a previous state. Thanks for any help
1. You must have created/configured either (or both)
- a Site-to-Site VPN Tunnel entry (under VPN/Site-to-Site in GUI), using IKEv2 & enabled Extended-Authentication
- a Client-to-Site (C2S) VPN server for IKEv2 and enabled Extended-Authentication in this server profile/entry
2. Just FYI and reference, When you use IKEv2 and you enable Extended-Authentication, EAP-authentication will be configured for the vpn-tunnel/vpn-server, and EAP means that Radius-server has to be enabled/configured in "System-Mgmnt/User-Accounts GUI page"
So to "revert" back, you need to simply do this below in your present running-config and then apply, and then do a permanent-save to startup-config
1. If its a existing active S2S tunnel in which you have enabled extended-auth, then please "disable/uncheck" the extended-auth setting and do a "Apply and also a permanent-save to startup-config"
- Optionally, you may or may-not "delete" the Radius-server entry in "User-Accounts" page
2. If its a new/experimental S2S tunnel entry with extended-auth enabled, then simply "delete" the entry/tunnel AND do a "Apply and a permanent-save to startup-config"
- Optionally, you may or may-not "delete" the Radius-server entry in "User-Accounts" page
3. If its a C2S(client-to-site) server profile you have created for IKEv2 clients, simply delete this entry and do a "Apply and permanent-save to startup-config"
- Optionally, you may or may-not "delete" the Radius-server entry in "User-Accounts" page
- if you want to you can always create another C2S server profile/entry for IKEv2 clients without the extended-auth enabled later and test it.
09-01-2021 07:25 AM
Nagrajk, Thanks, found out the error message was being produced when my radius server is communicating with the router. Turning off the NPS eliminated the error message. Your solution for reverting back was spot on correct Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide