Security

Hi Airheads Communtiry,

I am currently facing an issue at the controller of a customer of mine.
Regarding to this old discussion I tried to troubleshoot the configuration or the behavior.
But I was Unable to resolve the issue.
I try to authenticate admin users and Lobby Users via Radius.
But I am currently even unable to simply authenticate into the default role and I am not sure where the misconfiguration is.
Do I have to change the configuration of my Controller or is there a problem at the configuration of my Radius?
I can provide you the output of the Debug I have performed already like it was described in the old discussion.

Aug 8 15:13:37 :124011:  <INFO> |authmgr|  Test authenticating user winketa:****** using server Radius1Aug 8 15:13:37 :121041:  <DBUG> |authmgr|  User winketa MAC=00:00:00:00:00:00 not found.Aug 8 15:13:37 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=0Aug 8 15:13:37 :124019:  <INFO> |authmgr|  Test server response: Authentication SuccessfulAug 8 15:11:38 :124004:  <DBUG> |authmgr|  RX (sock) message of type 1, len 1016Aug 8 15:11:38 :124546:  <DBUG> |authmgr|  aal_authenticate user:winketa vpnflags:0.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  unknown user=172.31.29.241, method=ManagementAug 8 15:11:38 :124547:  <DBUG> |authmgr|  aal_authenticate server_group:default.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Select server for method=Management, user=winketa, essid=<>, server-group=KVB_RADIUS_ADMIN, last_srv <>Aug 8 15:11:38 :124004:  <DBUG> |authmgr|   server=Radius1, ena=1, ins=1 (1)Aug 8 15:11:38 :124038:  <INFO> |authmgr|  Selected server Radius1 for method=Management; user=winketa,  essid=<>, domain=<>, server-group=RADIUS_ADMINAug 8 15:11:38 :124064:  <NOTI> |authmgr|  Administrative User result=Authentication failed(1), method=Management, username=winketa IP=172.31.29.241 auth server=Radius1Aug 8 15:11:38 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=Management, server=Radius1, user=172.31.29.241Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=1Aug 8 15:11:38 :125022:  <WARN> |aaa|  Authentication failed for User winketa, Logged in from 172.31.29.241 port 56934, Connecting to 172.31.190.50 port 4343 connection type HTTPS

I tried to login via with the User "winketa" in the AAA diagnostics tool everything went fine. As you see in my first authentication attempt. The radius returns a successful authentication.
But if I try to log into the WebGUI using the same credentials the controller sends some additional information to the radius like the issuing hosts IP address.
I think this is why my radius sends a authentication reject.
But I cant see where I can change this behavior.
Or where my misconfiguration is?
Here I have a screenshot with my current configuration.

I already tried several "Server Rules" I also tried to have no "Server Rules" applied but nothing changed the current behavior.

Do you guys have any idea how to solve this issue?

I like to thank you for your support in advance!

Greetings

WiFi_Newbie

Nearly 10 years later I am having the same issue.  I've set up AAA on the Aruba WLC, successfully run the AAA Server Test tool against my management user, but can login to neither the GUI nor CLI.  I don't see a resolution to the OP's problem.  I'm using the same RADIUS server for SSH switch management and Cisco Prime Infrastructure management.  Why would the Aruba diagnostic tool report that it can authenticate against RADIUS, the RADIUS logs tell me that the user account is granted access, but the get denied by the CLI and GUI?  TIA!

Hi Airheads Communtiry,

I am currently facing an issue at the controller of a customer of mine.
Regarding to this old discussion I tried to troubleshoot the configuration or the behavior.
But I was Unable to resolve the issue.
I try to authenticate admin users and Lobby Users via Radius.
But I am currently even unable to simply authenticate into the default role and I am not sure where the misconfiguration is.
Do I have to change the configuration of my Controller or is there a problem at the configuration of my Radius?
I can provide you the output of the Debug I have performed already like it was described in the old discussion.

Aug 8 15:13:37 :124011:  <INFO> |authmgr|  Test authenticating user winketa:****** using server Radius1Aug 8 15:13:37 :121041:  <DBUG> |authmgr|  User winketa MAC=00:00:00:00:00:00 not found.Aug 8 15:13:37 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=0Aug 8 15:13:37 :124019:  <INFO> |authmgr|  Test server response: Authentication SuccessfulAug 8 15:11:38 :124004:  <DBUG> |authmgr|  RX (sock) message of type 1, len 1016Aug 8 15:11:38 :124546:  <DBUG> |authmgr|  aal_authenticate user:winketa vpnflags:0.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  unknown user=172.31.29.241, method=ManagementAug 8 15:11:38 :124547:  <DBUG> |authmgr|  aal_authenticate server_group:default.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Select server for method=Management, user=winketa, essid=<>, server-group=KVB_RADIUS_ADMIN, last_srv <>Aug 8 15:11:38 :124004:  <DBUG> |authmgr|   server=Radius1, ena=1, ins=1 (1)Aug 8 15:11:38 :124038:  <INFO> |authmgr|  Selected server Radius1 for method=Management; user=winketa,  essid=<>, domain=<>, server-group=RADIUS_ADMINAug 8 15:11:38 :124064:  <NOTI> |authmgr|  Administrative User result=Authentication failed(1), method=Management, username=winketa IP=172.31.29.241 auth server=Radius1Aug 8 15:11:38 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=Management, server=Radius1, user=172.31.29.241Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=1Aug 8 15:11:38 :125022:  <WARN> |aaa|  Authentication failed for User winketa, Logged in from 172.31.29.241 port 56934, Connecting to 172.31.190.50 port 4343 connection type HTTPS

I tried to login via with the User "winketa" in the AAA diagnostics tool everything went fine. As you see in my first authentication attempt. The radius returns a successful authentication.
But if I try to log into the WebGUI using the same credentials the controller sends some additional information to the radius like the issuing hosts IP address.
I think this is why my radius sends a authentication reject.
But I cant see where I can change this behavior.
Or where my misconfiguration is?
Here I have a screenshot with my current configuration.

I already tried several "Server Rules" I also tried to have no "Server Rules" applied but nothing changed the current behavior.

Do you guys have any idea how to solve this issue?

I like to thank you for your support in advance!

Greetings

WiFi_Newbie

Admin login on the Aruba controller works fine, what error message do you get in ClearPass?
Please also share the admin authentication options for the controller.

Nearly 10 years later I am having the same issue.  I've set up AAA on the Aruba WLC, successfully run the AAA Server Test tool against my management user, but can login to neither the GUI nor CLI.  I don't see a resolution to the OP's problem.  I'm using the same RADIUS server for SSH switch management and Cisco Prime Infrastructure management.  Why would the Aruba diagnostic tool report that it can authenticate against RADIUS, the RADIUS logs tell me that the user account is granted access, but the get denied by the CLI and GUI?  TIA!

Hi Airheads Communtiry,

I am currently facing an issue at the controller of a customer of mine.
Regarding to this old discussion I tried to troubleshoot the configuration or the behavior.
But I was Unable to resolve the issue.
I try to authenticate admin users and Lobby Users via Radius.
But I am currently even unable to simply authenticate into the default role and I am not sure where the misconfiguration is.
Do I have to change the configuration of my Controller or is there a problem at the configuration of my Radius?
I can provide you the output of the Debug I have performed already like it was described in the old discussion.

Aug 8 15:13:37 :124011:  <INFO> |authmgr|  Test authenticating user winketa:****** using server Radius1Aug 8 15:13:37 :121041:  <DBUG> |authmgr|  User winketa MAC=00:00:00:00:00:00 not found.Aug 8 15:13:37 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=0Aug 8 15:13:37 :124019:  <INFO> |authmgr|  Test server response: Authentication SuccessfulAug 8 15:11:38 :124004:  <DBUG> |authmgr|  RX (sock) message of type 1, len 1016Aug 8 15:11:38 :124546:  <DBUG> |authmgr|  aal_authenticate user:winketa vpnflags:0.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  unknown user=172.31.29.241, method=ManagementAug 8 15:11:38 :124547:  <DBUG> |authmgr|  aal_authenticate server_group:default.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Select server for method=Management, user=winketa, essid=<>, server-group=KVB_RADIUS_ADMIN, last_srv <>Aug 8 15:11:38 :124004:  <DBUG> |authmgr|   server=Radius1, ena=1, ins=1 (1)Aug 8 15:11:38 :124038:  <INFO> |authmgr|  Selected server Radius1 for method=Management; user=winketa,  essid=<>, domain=<>, server-group=RADIUS_ADMINAug 8 15:11:38 :124064:  <NOTI> |authmgr|  Administrative User result=Authentication failed(1), method=Management, username=winketa IP=172.31.29.241 auth server=Radius1Aug 8 15:11:38 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=Management, server=Radius1, user=172.31.29.241Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=1Aug 8 15:11:38 :125022:  <WARN> |aaa|  Authentication failed for User winketa, Logged in from 172.31.29.241 port 56934, Connecting to 172.31.190.50 port 4343 connection type HTTPS

I tried to login via with the User "winketa" in the AAA diagnostics tool everything went fine. As you see in my first authentication attempt. The radius returns a successful authentication.
But if I try to log into the WebGUI using the same credentials the controller sends some additional information to the radius like the issuing hosts IP address.
I think this is why my radius sends a authentication reject.
But I cant see where I can change this behavior.
Or where my misconfiguration is?
Here I have a screenshot with my current configuration.

I already tried several "Server Rules" I also tried to have no "Server Rules" applied but nothing changed the current behavior.

Do you guys have any idea how to solve this issue?

I like to thank you for your support in advance!

Greetings

WiFi_Newbie

I'll give you the TL;DR version of the story.

ClearPass is not currently online. Yes, the local admin account works fine. NPS says access granted. The controller error reads:

aaa[3628]:<125022> <3628> <WARN> |aaa| Authentication failed for "user", Logged in from x.x.x.x port 22, Connecting to y.y.y.y  port 55115 connection type SSH

and another error message follows which reads: Failed password for "user" from x.x.x.x port 55115 ssh2.

Admin Authentication Options

default role: standard

enable: checked

mschapv2: unchecked

server group: "the one I created"

management telnet access: unchecked

Login activities persistence period: 0 days

Login banner text: NA

Banner has to be accepted: unchecked

I appreciate your input!

Admin login on the Aruba controller works fine, what error message do you get in ClearPass?
Please also share the admin authentication options for the controller.

Nearly 10 years later I am having the same issue.  I've set up AAA on the Aruba WLC, successfully run the AAA Server Test tool against my management user, but can login to neither the GUI nor CLI.  I don't see a resolution to the OP's problem.  I'm using the same RADIUS server for SSH switch management and Cisco Prime Infrastructure management.  Why would the Aruba diagnostic tool report that it can authenticate against RADIUS, the RADIUS logs tell me that the user account is granted access, but the get denied by the CLI and GUI?  TIA!

Hi Airheads Communtiry,

I am currently facing an issue at the controller of a customer of mine.
Regarding to this old discussion I tried to troubleshoot the configuration or the behavior.
But I was Unable to resolve the issue.
I try to authenticate admin users and Lobby Users via Radius.
But I am currently even unable to simply authenticate into the default role and I am not sure where the misconfiguration is.
Do I have to change the configuration of my Controller or is there a problem at the configuration of my Radius?
I can provide you the output of the Debug I have performed already like it was described in the old discussion.

Aug 8 15:13:37 :124011:  <INFO> |authmgr|  Test authenticating user winketa:****** using server Radius1Aug 8 15:13:37 :121041:  <DBUG> |authmgr|  User winketa MAC=00:00:00:00:00:00 not found.Aug 8 15:13:37 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=0Aug 8 15:13:37 :124019:  <INFO> |authmgr|  Test server response: Authentication SuccessfulAug 8 15:11:38 :124004:  <DBUG> |authmgr|  RX (sock) message of type 1, len 1016Aug 8 15:11:38 :124546:  <DBUG> |authmgr|  aal_authenticate user:winketa vpnflags:0.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  unknown user=172.31.29.241, method=ManagementAug 8 15:11:38 :124547:  <DBUG> |authmgr|  aal_authenticate server_group:default.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Select server for method=Management, user=winketa, essid=<>, server-group=KVB_RADIUS_ADMIN, last_srv <>Aug 8 15:11:38 :124004:  <DBUG> |authmgr|   server=Radius1, ena=1, ins=1 (1)Aug 8 15:11:38 :124038:  <INFO> |authmgr|  Selected server Radius1 for method=Management; user=winketa,  essid=<>, domain=<>, server-group=RADIUS_ADMINAug 8 15:11:38 :124064:  <NOTI> |authmgr|  Administrative User result=Authentication failed(1), method=Management, username=winketa IP=172.31.29.241 auth server=Radius1Aug 8 15:11:38 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=Management, server=Radius1, user=172.31.29.241Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=1Aug 8 15:11:38 :125022:  <WARN> |aaa|  Authentication failed for User winketa, Logged in from 172.31.29.241 port 56934, Connecting to 172.31.190.50 port 4343 connection type HTTPS

I tried to login via with the User "winketa" in the AAA diagnostics tool everything went fine. As you see in my first authentication attempt. The radius returns a successful authentication.
But if I try to log into the WebGUI using the same credentials the controller sends some additional information to the radius like the issuing hosts IP address.
I think this is why my radius sends a authentication reject.
But I cant see where I can change this behavior.
Or where my misconfiguration is?
Here I have a screenshot with my current configuration.

I already tried several "Server Rules" I also tried to have no "Server Rules" applied but nothing changed the current behavior.

Do you guys have any idea how to solve this issue?

I like to thank you for your support in advance!

Greetings

WiFi_Newbie

The config looks the same for me.

Does NPS send any aruba-radius-attributes or just an accept?

Increase the log level for security-aaa and security-auth-amon to debugging and check logs again.

I'll give you the TL;DR version of the story.

ClearPass is not currently online. Yes, the local admin account works fine. NPS says access granted. The controller error reads:

aaa[3628]:<125022> <3628> <WARN> |aaa| Authentication failed for "user", Logged in from x.x.x.x port 22, Connecting to y.y.y.y  port 55115 connection type SSH

and another error message follows which reads: Failed password for "user" from x.x.x.x port 55115 ssh2.

Admin Authentication Options

default role: standard

enable: checked

mschapv2: unchecked

server group: "the one I created"

management telnet access: unchecked

Login activities persistence period: 0 days

Login banner text: NA

Banner has to be accepted: unchecked

I appreciate your input!

Admin login on the Aruba controller works fine, what error message do you get in ClearPass?
Please also share the admin authentication options for the controller.

Nearly 10 years later I am having the same issue.  I've set up AAA on the Aruba WLC, successfully run the AAA Server Test tool against my management user, but can login to neither the GUI nor CLI.  I don't see a resolution to the OP's problem.  I'm using the same RADIUS server for SSH switch management and Cisco Prime Infrastructure management.  Why would the Aruba diagnostic tool report that it can authenticate against RADIUS, the RADIUS logs tell me that the user account is granted access, but the get denied by the CLI and GUI?  TIA!

Hi Airheads Communtiry,

I am currently facing an issue at the controller of a customer of mine.
Regarding to this old discussion I tried to troubleshoot the configuration or the behavior.
But I was Unable to resolve the issue.
I try to authenticate admin users and Lobby Users via Radius.
But I am currently even unable to simply authenticate into the default role and I am not sure where the misconfiguration is.
Do I have to change the configuration of my Controller or is there a problem at the configuration of my Radius?
I can provide you the output of the Debug I have performed already like it was described in the old discussion.

Aug 8 15:13:37 :124011:  <INFO> |authmgr|  Test authenticating user winketa:****** using server Radius1Aug 8 15:13:37 :121041:  <DBUG> |authmgr|  User winketa MAC=00:00:00:00:00:00 not found.Aug 8 15:13:37 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=0Aug 8 15:13:37 :124019:  <INFO> |authmgr|  Test server response: Authentication SuccessfulAug 8 15:11:38 :124004:  <DBUG> |authmgr|  RX (sock) message of type 1, len 1016Aug 8 15:11:38 :124546:  <DBUG> |authmgr|  aal_authenticate user:winketa vpnflags:0.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  unknown user=172.31.29.241, method=ManagementAug 8 15:11:38 :124547:  <DBUG> |authmgr|  aal_authenticate server_group:default.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Select server for method=Management, user=winketa, essid=<>, server-group=KVB_RADIUS_ADMIN, last_srv <>Aug 8 15:11:38 :124004:  <DBUG> |authmgr|   server=Radius1, ena=1, ins=1 (1)Aug 8 15:11:38 :124038:  <INFO> |authmgr|  Selected server Radius1 for method=Management; user=winketa,  essid=<>, domain=<>, server-group=RADIUS_ADMINAug 8 15:11:38 :124064:  <NOTI> |authmgr|  Administrative User result=Authentication failed(1), method=Management, username=winketa IP=172.31.29.241 auth server=Radius1Aug 8 15:11:38 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=Management, server=Radius1, user=172.31.29.241Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=1Aug 8 15:11:38 :125022:  <WARN> |aaa|  Authentication failed for User winketa, Logged in from 172.31.29.241 port 56934, Connecting to 172.31.190.50 port 4343 connection type HTTPS

I tried to login via with the User "winketa" in the AAA diagnostics tool everything went fine. As you see in my first authentication attempt. The radius returns a successful authentication.
But if I try to log into the WebGUI using the same credentials the controller sends some additional information to the radius like the issuing hosts IP address.
I think this is why my radius sends a authentication reject.
But I cant see where I can change this behavior.
Or where my misconfiguration is?
Here I have a screenshot with my current configuration.

I already tried several "Server Rules" I also tried to have no "Server Rules" applied but nothing changed the current behavior.

Do you guys have any idea how to solve this issue?

I like to thank you for your support in advance!

Greetings

WiFi_Newbie

This is what my logs look like after increasing the log level as suggested:

authmgr [3715]: <121031> <3715> <DBUG> |authmgr| |aaa| [tc_api.c:444] Radius authenticate user (username) PAP using server SERVERNAME 

authmgr [3715]: <121031> <3715> <DBUG> |authmgr| |aaa| [tc_request.c:91] Add request: id=39, server=SERVERNAME, IP=x.x.x.x, server-group=SERVERGROUP, fd=72

authmgr [3715]: <121031> <3715> <DBUG> |authmgr| |aaa| [tc_server.c:2618] Sending radius request to SERVERNAME:x.x.x.x id:39,len=136

authmgr [3715]: <121031> <3715> <DBUG> |authmgr| |aaa| [tc_request.c:123] Find request: id=39, svr=x.x.x.x, fd=72

authmgr [3715]: <121031> <3715> <DBUG> |authmgr| |aaa| [tc_request.c:134] Current entry: server=SERVERNAME IP=x.x.x.x, server-group=SERVERGROUP, fd=72

authmgr [3715]: <121031> <3715> <DBUG> |authmgr| |aaa| [tc_request.c:63] Del request: id=39, server=SERVERNAME, IP=x.x.x.x, server-group-SERVERGROUP fd=72

The config looks the same for me.

Does NPS send any aruba-radius-attributes or just an accept?

Increase the log level for security-aaa and security-auth-amon to debugging and check logs again.

I'll give you the TL;DR version of the story.

ClearPass is not currently online. Yes, the local admin account works fine. NPS says access granted. The controller error reads:

aaa[3628]:<125022> <3628> <WARN> |aaa| Authentication failed for "user", Logged in from x.x.x.x port 22, Connecting to y.y.y.y  port 55115 connection type SSH

and another error message follows which reads: Failed password for "user" from x.x.x.x port 55115 ssh2.

Admin Authentication Options

default role: standard

enable: checked

mschapv2: unchecked

server group: "the one I created"

management telnet access: unchecked

Login activities persistence period: 0 days

Login banner text: NA

Banner has to be accepted: unchecked

I appreciate your input!

Admin login on the Aruba controller works fine, what error message do you get in ClearPass?
Please also share the admin authentication options for the controller.

Nearly 10 years later I am having the same issue.  I've set up AAA on the Aruba WLC, successfully run the AAA Server Test tool against my management user, but can login to neither the GUI nor CLI.  I don't see a resolution to the OP's problem.  I'm using the same RADIUS server for SSH switch management and Cisco Prime Infrastructure management.  Why would the Aruba diagnostic tool report that it can authenticate against RADIUS, the RADIUS logs tell me that the user account is granted access, but the get denied by the CLI and GUI?  TIA!

Hi Airheads Communtiry,

I am currently facing an issue at the controller of a customer of mine.
Regarding to this old discussion I tried to troubleshoot the configuration or the behavior.
But I was Unable to resolve the issue.
I try to authenticate admin users and Lobby Users via Radius.
But I am currently even unable to simply authenticate into the default role and I am not sure where the misconfiguration is.
Do I have to change the configuration of my Controller or is there a problem at the configuration of my Radius?
I can provide you the output of the Debug I have performed already like it was described in the old discussion.

Aug 8 15:13:37 :124011:  <INFO> |authmgr|  Test authenticating user winketa:****** using server Radius1Aug 8 15:13:37 :121041:  <DBUG> |authmgr|  User winketa MAC=00:00:00:00:00:00 not found.Aug 8 15:13:37 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=0Aug 8 15:13:37 :124019:  <INFO> |authmgr|  Test server response: Authentication SuccessfulAug 8 15:11:38 :124004:  <DBUG> |authmgr|  RX (sock) message of type 1, len 1016Aug 8 15:11:38 :124546:  <DBUG> |authmgr|  aal_authenticate user:winketa vpnflags:0.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  unknown user=172.31.29.241, method=ManagementAug 8 15:11:38 :124547:  <DBUG> |authmgr|  aal_authenticate server_group:default.Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Select server for method=Management, user=winketa, essid=<>, server-group=KVB_RADIUS_ADMIN, last_srv <>Aug 8 15:11:38 :124004:  <DBUG> |authmgr|   server=Radius1, ena=1, ins=1 (1)Aug 8 15:11:38 :124038:  <INFO> |authmgr|  Selected server Radius1 for method=Management; user=winketa,  essid=<>, domain=<>, server-group=RADIUS_ADMINAug 8 15:11:38 :124064:  <NOTI> |authmgr|  Administrative User result=Authentication failed(1), method=Management, username=winketa IP=172.31.29.241 auth server=Radius1Aug 8 15:11:38 :124003:  <INFO> |authmgr|  Authentication result=Authentication failed(1), method=Management, server=Radius1, user=172.31.29.241Aug 8 15:11:38 :124004:  <DBUG> |authmgr|  Auth server 'Radius1' response=1Aug 8 15:11:38 :125022:  <WARN> |aaa|  Authentication failed for User winketa, Logged in from 172.31.29.241 port 56934, Connecting to 172.31.190.50 port 4343 connection type HTTPS

I tried to login via with the User "winketa" in the AAA diagnostics tool everything went fine. As you see in my first authentication attempt. The radius returns a successful authentication.
But if I try to log into the WebGUI using the same credentials the controller sends some additional information to the radius like the issuing hosts IP address.
I think this is why my radius sends a authentication reject.
But I cant see where I can change this behavior.
Or where my misconfiguration is?
Here I have a screenshot with my current configuration.

I already tried several "Server Rules" I also tried to have no "Server Rules" applied but nothing changed the current behavior.

Do you guys have any idea how to solve this issue?

I like to thank you for your support in advance!

Greetings

WiFi_Newbie