WIFI Controller C5210 - "Unable to connect to RADIUS servers"

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
Greetings,

We are using an extremE controller C5210 with WS-AP3715I Access Points and are getting a "Unable to connect to RADIUS servers" when ever we want to connect.

We have rebooted the radius server and the controller to NO avail.

Any pointers?

Thanks,
Kombe
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,140 Points 20k badge 2x thumb
Was this already working and something changed or are you setting this up for the first time?

 
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,140 Points 20k badge 2x thumb
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
Every thing was working just fine until we have a power outage and all devices restarted.

Thanks,
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,140 Points 20k badge 2x thumb
Something basic...

1. From the controllers management GUI can you click on the Controller tab (up top) ---> (left side menu) select Network tab ---> Utilities 
2. Target IP Address: <put in the RADIUS server IP>
3. Check off "Use specific source interface"
4. In the drop down select the interface that is listed as "MGMT plane only"
5. Press the Ping button

See if the controllers management interface can reach the RADIUS server. 
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
Yes it can reach.

Results:

ping 

PING 10.1.0.135 (10.1.0.135) 56(84) bytes of data. 
64 bytes from 10.1.0.135: icmp_seq=1 ttl=63 time=0.472 ms 
64 bytes from 10.1.0.135: icmp_seq=2 ttl=63 time=0.116 ms 
64 bytes from 10.1.0.135: icmp_seq=3 ttl=63 time=0.122 ms 
--- 10.1.0.135 ping statistics --- 
3 packets transmitted, 3 received, 0% packet loss, time 2002ms 
rtt min/avg/max/mdev = 0.116/0.236/0.472/0.167 ms 
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,140 Points 20k badge 2x thumb
That's a good sign!

Next, try the following...

1. Under the VNS tab---> WLAN-Service---> Select the RADIUS WLAN-Service
2. Click on the Auth & Acct tab
3. Click on the RADIUS server in your list, then click on the TEST button. 
4. Enter in a User ID:   
5. The process will fail (no pass is sent) but see if you get back something similar to the following:

The Radius Server did not authenticate the user dhyde on PoE VNS. Error: ACCESS_REJECTED. 
Photo of Kevin Armijo

Kevin Armijo

  • 100 Points 100 badge 2x thumb
Is your Radius Server listening?
If your Radius Server is linux based, netstat -l (L for Listen) to see if that port is listening.
Telnet IP.of.radius.server Port.radius.runs.on to see if you connect.  first local telnet, then remote telnet
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
Tested the RADIUS WLAN-SERVICE and got:

RADIUS Test Results:
Sending EAP authentication request to Radius Server with user admin on vns_name Link
Please wait while all configured Radius Servers on this VNS are attempted as needed ...

Test Completed.

The Radius Server did not authenticate the user admin on Link VNS. Error: ACCESS_REJECTED.
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
The RADIUS server log look like below. how do i deal with the log:

Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead).

I can Ping 10.1.0.60?

Radius Log
Scroll to Bottom

Wed Mar 9 18:18:59 2016 : Info: WARNING: Child is hung for request 2500 in component <core> module . Wed Mar 9 18:19:00 2016 : Info: WARNING: Child is hung for request 2501 in component <core> module . Wed Mar 9 18:19:02 2016 : Info: WARNING: Child is hung for request 2500 in component <core> module . Wed Mar 9 18:19:04 2016 : Info: WARNING: Child is hung for request 2501 in component <core> module . Wed Mar 9 18:19:07 2016 : Proxy: Marking home server 10.1.0.60 port 1812 alive again... we have no idea if it really is alive or not. Wed Mar 9 18:19:07 2016 : Info: WARNING: Child is hung for request 2500 in component <core> module . Wed Mar 9 18:19:09 2016 : Info: WARNING: Child is hung for request 2501 in component <core> module . Wed Mar 9 18:19:10 2016 : Info: WARNING: Child is hung for request 2483 in component <core> module . Wed Mar 9 18:19:15 2016 : Info: WARNING: Child is hung for request 2500 in component <core> module . Wed Mar 9 18:19:16 2016 : Info: WARNING: Child is hung for request 2501 in component <core> module . Wed Mar 9 18:19:19 2016 : Info: WARNING: Child is hung for request 2484 in component <core> module . Wed Mar 9 18:19:24 2016 : Info: WARNING: Child is hung for request 2487 in component <core> module . Wed Mar 9 18:19:26 2016 : Info: WARNING: Child is hung for request 2500 in component <core> module . Wed Mar 9 18:19:28 2016 : Info: WARNING: Child is hung for request 2501 in component <core> module . Wed Mar 9 18:19:33 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead). Wed Mar 9 18:19:35 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as dead. Wed Mar 9 18:19:44 2016 : Info: WARNING: Child is hung for request 2500 in component <core> module . Wed Mar 9 18:19:45 2016 : Error: Discarding duplicate request from client 172.16.1.21 port 45625 - ID: 233 due to unfinished request 2509
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Hi

It looks like your radius server/config has some kind of issue, take a look at this thread and see if it helps (it's in multiple parts) http://lists.freeradius.org/pipermail/freeradius-users/2013-March/065439.html

-Gareth
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
Is their a way to restart Linux RADIUS service?
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Yes but it depends on the flavour of linux that you are running, ubuntu is like this:

root@kubuntu-1:/home/gareth# /etc/init.d/freeradius restart
[ ok ] Restarting freeradius (via systemctl): freeradius.service.
Check the pid has changed by running this before/after the above:

root@kubuntu-1:/home/gareth# ps aux|grep rad
freerad  16437  0.0  0.4 126196  6944 ?        Ssl  13:39   0:00 /usr/sbin/freeradius
Photo of Kevin Armijo

Kevin Armijo

  • 100 Points 100 badge 2x thumb
make sure radius isn't running, from a command prompt, with root access run Radius in Debug mode to see exactly what is not working.

root@localhost:~#  freeradius -XX

once executed, it will show you the details of all the modules and configuration as it loads and gets ready to run.
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
Still struggling with this issue. Suspect certificate. On the DC when I hit edit on that I just get:
Cannot configure EAP
A certificate could not be found that can be used with this Extensible Authentication Protocol
(Edited)
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
We are curretly using Autoenroll server certificate to a server running NPS  certificate.
Photo of Kombe Kaponda

Kombe Kaponda

  • 280 Points 250 badge 2x thumb
Just some background on this issue. We are using an extreme controller C5210 with WS-AP3715I Access Points and are getting a "Unable to connect to RADIUS servers" whenever we want to connect.

 The certificates expired on the Windows server DC and now NPS Network policy, can not get certificate. On the DC when we hit edit, we  get:

Cannot configure EAP
A certificate could not be found that can be used with this Extensible Authentication Protocol

We have rebooted the radius server and the controller to NO avail.

Any pointers?

Thanks,
Kombe

Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,140 Points 20k badge 2x thumb
Hello Kombe, 

Sorry you are still having issues. I would suggest contacting the GTAC for assistance. Someone can review all of your configurations and assist. 
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,140 Points 20k badge 2x thumb