RADIUS Testing
From Swivel Knowledgebase Wiki
Overview
How to test RADIUS authentication. A successful RADIUS authentication should display a PINsafe log message such as:
RADIUS: <87> Access-Accept(2) LEN=57 <IP address>:12004 Access-Request by <username> succeeded Successful RADIUS authentication
An incorrectly entered One Time Code for RADIUS authentication should display a PINsafe log message such as:
RADIUS: <86> Access-Request(1) LEN=57 <IP address>:12004 Access-Request by <username> Failed: AccessRejectException:
For further information on RADIUS, see the RADIUS How To Guide.
Prerequisites
A RADIUS test tool such as NTRadPing, or the test tool built into the authentication device.
Symptoms
Authentication device is not communicating with the PINsafe RADIUS server.
RADIUS request is sent from Access Device, but does not reach the PINsafe server.
RADIUS request is sent from Access Device, and reaches the network interface but does not reach the PINsafe application.
Solution
1. Check that RADIUS is running on the PINsafe server. The PINsafe log should show the message "RADIUS server manager started". If not, look for other log messages.
2. Check network communication: can the PINsafe server receive a ping from the authentication device? (Note: it is possible that a firewall may be blocking ICMP, but not DNS traffic.)
3. Check whether communication is possible between the authentication device and the PINsafe server on the RADIUS port. Note: RADIUS uses UDP, which is a connectionless protocol, and therefore cannot be tested with tools such as Telnet. Some authentication devices have RADIUS test tools built into them. Another tool is NTRadPing (search for NTRadPing.exe), which allows testing from a Windows machine.
4. If different ports are used, check that any local firewall, such as the one on the appliance, is not blocking the newly assigned ports. If a local firewall is blocking access, the RADIUS request will be received on the Ethernet interface but will not reach the PINsafe application.
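Where no test tool is to hand, the UDP check in step 3 can be scripted. The following is an added example, not part of the original article or of PINsafe: a minimal RFC 2865 PAP Access-Request probe that also verifies the Response Authenticator on the reply. It assumes the server accepts PAP and does not require a Message-Authenticator attribute; the host, port, user name, one-time code, shared secret and NAS identifier are placeholders.

```python
import hashlib, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None, nas_id=b"probe"):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password.encode(), secret, authenticator)
    attrs = b""
    # 1 = User-Name, 2 = User-Password, 32 = NAS-Identifier (hypothetical value)
    for attr_type, value in ((1, user.encode()), (2, hidden), (32, nas_id)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def check_reply(reply, ident, request_auth, secret):
    """Validate a reply and return its code; raise ValueError if it cannot be trusted."""
    if len(reply) < 20:
        raise ValueError("reply shorter than a RADIUS header")
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != ident or not 20 <= length <= len(reply):
        raise ValueError("identifier or length does not match the request")
    reply = reply[:length]  # octets beyond Length are padding
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if expected != reply[4:20]:
        raise ValueError("bad Response Authenticator: shared secret mismatch?")
    return code

def radius_probe(host, port, user, otc, secret, timeout=3.0):
    """Send one Access-Request over UDP and describe what came back."""
    ident = os.urandom(1)[0]
    packet, auth = build_access_request(ident, user, otc, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError as exc:  # timeout (dropped/filtered) or port unreachable
            return f"no reply ({exc.__class__.__name__})"
    code = check_reply(reply, ident, auth, secret)
    return CODES.get(code, f"code {code}")

if __name__ == "__main__":
    # Placeholder values; 1812 is the standard RADIUS authentication port.
    print(radius_probe("192.0.2.10", 1812, "testuser", "123456", b"shared-secret"))
```

A "no reply" result points back at steps 2 to 4 (network path, port or local firewall), while any reply, including an Access-Reject or a Response Authenticator error, shows that the request reached the RADIUS server.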

