RADIUS-servers testing

redsector
Head in the Cloud

RADIUS-servers testing

Hi, does anybody know what to fill in in the RADIUS-test (Username / Password)?

Is it an Cisco ISE (RADIUS-server) account? (didn´t work).

Is it an Active Directory account? (didn´t work).

 

My RADIUS-server Cisco ISE is working well, everything does as it should be.

But I want to know how this test is working.

 

thanks

Bildschirmfoto 2019-04-12 um 14.15.54.png

12 Replies 12
kYutobi
Kind of a big deal

Try !YOURDOMAIN!/username and password.

Enthusiast
redsector
Head in the Cloud

This is not working. This error message appeared: Authentication failed while testing on one of your APs. This means the RADIUS server was reached but your credentials were incorrect. The test was stopped to prevent this account from being locked out due to multiple failed attempts. Please try again with different username and/or password.

 

I think it´s not a domain-account.

Ok My radius was working perfectly, but I updated my Windows Server 2019 and promoted to Domain Controller. There is a firewall rule allowing NPS but their is a Windows bug in the firewall.

If your Radius server is Windows temporarily disable all firewalls and try to Authenticate again.

 

you will get Authentication Failed even if you reach radius server.

Firewall bug blocking port 1812

 

 

The Radius server is not a Windows-server it´s the Cisco ISE.

Thank goodness I read this post.  It was for sure the firewall.  I disabled the firewall and everything passed.  I literally resintalled a fresh server 2019 standard and datacenter, checked my 1812-1813 firewall rules and nothing worked.   Thank you thank you thank you

This was it, dam firewall even though I had 1812 opened to any any
jdsilva
Kind of a big deal

It's whatever that RADIUS server you specified is configured to authenticate against. Check the RADIUS logs to see why it's failing. 

Dudleydogg
A model citizen

if the Radius server is running on  say  "mydomain.com"  it already knows the Realm

so you would only put in user/pass in those fields.

you do not need the Realm Domain or @domain.com 

 

TBisel
Getting noticed

For anyone still looking, just ran into this issue myself. For some reason the pre-existing firewall rule for port 1812 is garbage and doesn't work. If you disable Windows firewall or make a new rule to allow just port 1812 everything functions as it should.

On ISE, have you need to enable weak ciphers option in allowed protocols?  Otherwise a test from Meraki dashboard will not hit your ISE rules.

 

 

athan1234
Building a reputation

So  I have   the same  problem   . Where I get obtein the username ?

@redsector  did you get acces?

redsector_0-1640096960831.png

-Yes, it´s working.

Get notified when there are additional replies to this discussion.