Wireless (General)

Expand all | Collapse all

802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

  • 1.  802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 12:43
    I want to bring a new installed EWC and NAC Manager with the last Firmware together and activate 802.1 X on a special SSID

    i have configured . shared Secret /LDAP Connection and so on
    and all the other things on both sides.

    When a wirless Client try to connect there is into the nac manager console only to see :

    Failing proxied request for user "XXXXXX@itgnt.local", due to lack of any response from home server 192.168.44.8 port 1812

    and

    Unable to contact RADIUS server: 192.168.44.8

    But this IP is the Radius Server himself !! Why has the nacmanager a problem to contact his own radius Server ?

    When I mak the test with Radius on the VNS of the Wireless Controller then comes :

    The Radius Server did not authenticate the user TEST123 on ITGNTAD VNS.
    Error: RADIUS_CLIENT_INTERNAL_ERROR.

    If you ask.. of course i have restartet the nac manager appliance 3 or 4 times..

    Who could give me some Tips for Troubleshooting ?

    Regarrds

    Christian



  • 2.  RE: 802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 16:24
    Hi Christian, on AAA default , advanced - what did you set as your default auth? LDAP? Or Radius Proxy?


  • 3.  RE: 802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 16:26
    And, btw , did you use the default shared secret (ETS_TAG_SHARED_SECRET) or you changed it to something else (on both sides)?


  • 4.  RE: 802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 17:41
    Hello Yury,

    i tried first time to deal with the html "Surface" .. Now i found the Point that i can Switch to "Advanced" Mode and the window changed. .
    What is the right order ?

    Of Course Radius Secret is changed .. i have an other SSID which is doing mac Auth for some devices Without Security and this works fine

    Look at the Picture . . how should the order of Auth methods be ?



  • 5.  RE: 802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 18:29
    Looks correct to me . Try to see the logs - ssh to NAC appliance and tail -f /var/log/radius/radius.log to see what is complaining about.
    Btw , if you going to use 802.1X authentication on the wireless and your LDAP is Windows AD , you need to make sure that NAC did "join" the domain . To check that , issue the command "wbinfo -t" from the ssh , you should see if the appliance successfully joined the domain (it should be just one line as the output with Success meaning in it) . If it spits you a bunch of line with with errors - e.g. "cannot find domain " etc... then you need to fix that first.


  • 6.  RE: 802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 18:38
    THX i will try this next day

    but BTW.. we have customers Using 3 or 4 Windows Domains with a extreme wireless solution, what can i do if i have 2 or more Windows Domains and i need LDAP Auth ?

    Chris



  • 7.  RE: 802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

    Posted 02-18-2018 19:09
    Are those AD independant or they have trust relashionship?