Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Auth Server Timeout

This thread has been viewed 7 times

  • 1.  Auth Server Timeout

    Posted Jun 11, 2012 05:21 PM

    2 Controllers using VRRP (master/standby).  Amigopod for Guest access, getting the correct private IP, getting the redirect captive portal.  enter the valid username/password and getting Auth Server Timeout.  I can ping the amigopod server, can ping the controller, etc.  Amigopod and controller show no errors in logs.  Also failing 'Test AAA Server' in the diagnostics on the controller.  Can someone help?  Not sure what else to look at.



  • 2.  RE: Auth Server Timeout

    Posted Jun 11, 2012 05:39 PM

    On the controller CLI, do "show ip radius source-interface".  Is the address listed there the same one you used for your client configuration in Amigopod?



  • 3.  RE: Auth Server Timeout

    Posted Jun 11, 2012 05:45 PM

    address in Amigopod for NAS Server?  if so, yes.  I have all 5 IP's just incase ( master/standby vlan IP's, loopbacks & VRRP address)



  • 4.  RE: Auth Server Timeout

    Posted Jun 11, 2012 05:52 PM

    If you have the right NAS-IP in Amigopod, double check the key (you probably already did that, but I have to ask...).

     

    Is there any filters (firewalls or ACLs) between the controller and the Amigopod box that would drop RADIUS?



  • 5.  RE: Auth Server Timeout

    Posted Jun 12, 2012 09:35 AM

    I changed all keys (about 5 times :) ).  There is a fw inbetween but its not being blocked



  • 6.  RE: Auth Server Timeout
    Best Answer

    Posted Jun 12, 2012 09:04 AM

    On Amigopod run the Radius debugging.   It will show you details of the logon attempt that the traditional visible logs do not; including incorrect Radius shared secrets/keys.

     

    Under Radius --> Server Control --> Choose Debug Radius Server.  You'll get detailed output of the logon attempt that should help you.  If you still do not see any entries, I'd look to make sure the appropriate ports are open between the controllers and Amigopod.





  • 7.  RE: Auth Server Timeout

    Posted Jun 12, 2012 09:43 AM
    @clembo wrote:

    On Amigopod run the Radius debugging.   It will show you details of the logon attempt that the traditional visible logs do not; including incorrect Radius shared secrets/keys.

     

    Under Radius --> Server Control --> Choose Debug Radius Server.  You'll get detailed output of the logon attempt that should help you.  If you still do not see any entries, I'd look to make sure the appropriate ports are open between the controllers and Amigopod.



    THAT WAS IT! after debugging, it said key was incorrect.  I changed the RFC key on the controller and wah-la!  thanks for the help