SecuRemote w/ RADIUS Authentication issue

[karimi]

Hello,

I have my administrator user using RADIUS and authenticating to SmartDashboard with no problems.

When I change one of the securremote users Auth method from Firewall-1 Password to "RADIUS", when the user logs on with the SecureRemote client, they get "Authentication Failed: Username + Password".

Do I have to delete and recreate the Site in SecuRemote, or am I missing something?

Thanks

~m

[chillyjim]

You shouldn't as long as the username matches the radius username. Do you see anything in the logs? Maybe turing on IKE debugging would show you something vpn debug ikeon

[karimi]

Strangely I get "Wrong username/password: IKE Failed". If I change it back to "Firewall-1 Username" then everything works fine.

RADIUS works for Administrator users to the same radius server.. so i'm unsure what is failing in secure-remote.

I don't see anything in the logs indicating a drop

[chillyjim]

Check your RADIUS logs and make sure you have the gateway defined as a "NAS" device (define all the interfaces just to be safe).

[aqw789]

- Define a Radius server - Object tree --> Servers / Radius
(Name: Enter the host name, Host:Select Radius server, Enter Shared secret to authenticate with the Radius server)

- Define the users in the FW user DB or use external user profiles.

- Create a user group for the Radius users and add them to this group. If you are using external user profiles, they should also be added to this group.

!!! Encryption tab: This should be configured for SecureClient and IKE

- authentication tab: Select the Radius server or group

- Authentication tab: Allow Radius authentication on the gateway.

- Authentication tab of Gateway:You need to add the Radius user groups to the Policy server group if you use a policy server.

- Remote Access Community: Add the Radius group to the user groups in the Remote Access Community.
!!! Don't forget your Remote Access rule. Create it or if it's already there upload the policy to the enforcement module to activate your changes.

HTH.

[karimi]

The RADIUS works fine for SmartDashboard admins, it just doesn't work for SecuRemote users.

I checked the log, and the error I get is:

"Client Encryption: RADIUS Servers not responding..."

If this is an issue with Microsoft IAS, why does RADIUS work with SmartDashboard users?

~k

[karimi]

Hi Folks

It works now.

1) Changed MS Auth to PAP on IAS
2) Added 2 entries for both Firewalls in Cluster to Microsoft IAS
3) Duplicated same shared-secret for RADIUS server object and 3 Clients in IAS.
4) Using NGX SecureRemote/SecureClient

It's working now. If anyone wants a detailed document on how to do this, email me and I'll send it.

[Alfa.Ma@kinectrics.com]

Karima,
Thanks for sending the document to me so fast. But I need the document on setting up the Microsoft IAS server as radius server for SecureClient authentication. I need a radius server so my ntwork support can use it fot network management.
Please send it to alfa.ma@kinectrics.com.
Thanks in advance.

Alf

[giulitn]

Quote:

Originally Posted by karimi

Hi Folks

It works now.

1) Changed MS Auth to PAP on IAS
2) Added 2 entries for both Firewalls in Cluster to Microsoft IAS
3) Duplicated same shared-secret for RADIUS server object and 3 Clients in IAS.
4) Using NGX SecureRemote/SecureClient

It's working now. If anyone wants a detailed document on how to do this, email me and I'll send it.

Please, could you send me also how you succed?
I'm working on it and i'm successfully using IAS for wireless authentication.
Bye.

[vinayakk06]

heyy frnds,

can you pls email me the steps you have taken to solve the problem for the error: Radius authentication failed and wrong user name and password.

My email id is vinayakk06@yahoo.co.in

Thanks in advance.