Header Only - DO NOT REMOVE - Extreme Networks

WIFI Controller C5210 - "Unable to connect to RADIUS servers"


Greetings,

We are using an extremE controller C5210 with WS-AP3715I Access Points and are getting a "Unable to connect to RADIUS servers" when ever we want to connect.

We have rebooted the radius server and the controller to NO avail.

Any pointers?

Thanks,
Kombe

18 replies

Userlevel 7
Was this already working and something changed or are you setting this up for the first time?
Userlevel 7
Reference: https://gtacknowledge.extremenetworks.com/articles/How_To/How-do-configure-RADIUS-server-for-VNS-Glo...
Every thing was working just fine until we have a power outage and all devices restarted.

Thanks,
Userlevel 7
Something basic...

1. From the controllers management GUI can you click on the Controller tab (up top) ---> (left side menu) select Network tab ---> Utilities
2. Target IP Address:
3. Check off "Use specific source interface"
4. In the drop down select the interface that is listed as "MGMT plane only"
5. Press the Ping button

See if the controllers management interface can reach the RADIUS server.
Yes it can reach.

Results:

ping

PING 10.1.0.135 (10.1.0.135) 56(84) bytes of data.
64 bytes from 10.1.0.135: icmp_seq=1 ttl=63 time=0.472 ms
64 bytes from 10.1.0.135: icmp_seq=2 ttl=63 time=0.116 ms
64 bytes from 10.1.0.135: icmp_seq=3 ttl=63 time=0.122 ms
--- 10.1.0.135 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.116/0.236/0.472/0.167 ms
Userlevel 7
That's a good sign!

Next, try the following...

1. Under the VNS tab---> WLAN-Service---> Select the RADIUS WLAN-Service
2. Click on the Auth & Acct tab
3. Click on the RADIUS server in your list, then click on the TEST button.
4. Enter in a User ID:
5. The process will fail (no pass is sent) but see if you get back something similar to the following:

The Radius Server did not authenticate the user dhyde on PoE VNS. Error: ACCESS_REJECTED.
Is your Radius Server listening?
If your Radius Server is linux based, netstat -l (L for Listen) to see if that port is listening.
Telnet IP.of.radius.server Port.radius.runs.on to see if you connect. first local telnet, then remote telnet
Tested the RADIUS WLAN-SERVICE and got:

RADIUS Test Results:
Sending EAP authentication request to Radius Server with user admin on vns_name Link
Please wait while all configured Radius Servers on this VNS are attempted as needed ...

Test Completed.

The Radius Server did not authenticate the user admin on Link VNS. Error: ACCESS_REJECTED.
The RADIUS server log look like below. how do i deal with the log:

Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead).

I can Ping 10.1.0.60?

Radius Log
Scroll to Bottom

Wed Mar 9 18:18:59 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:00 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:02 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:04 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:07 2016 : Proxy: Marking home server 10.1.0.60 port 1812 alive again... we have no idea if it really is alive or not. Wed Mar 9 18:19:07 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:09 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:10 2016 : Info: WARNING: Child is hung for request 2483 in component module . Wed Mar 9 18:19:15 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:16 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:19 2016 : Info: WARNING: Child is hung for request 2484 in component module . Wed Mar 9 18:19:24 2016 : Info: WARNING: Child is hung for request 2487 in component module . Wed Mar 9 18:19:26 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:28 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:33 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead). Wed Mar 9 18:19:35 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as dead. Wed Mar 9 18:19:44 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:45 2016 : Error: Discarding duplicate request from client 172.16.1.21 port 45625 - ID: 233 due to unfinished request 2509
Userlevel 6
Kombe Kaponda wrote:

The RADIUS server log look like below. how do i deal with the log:

Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead).

I can Ping 10.1.0.60?

Radius Log
Scroll to Bottom

Wed Mar 9 18:18:59 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:00 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:02 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:04 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:07 2016 : Proxy: Marking home server 10.1.0.60 port 1812 alive again... we have no idea if it really is alive or not. Wed Mar 9 18:19:07 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:09 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:10 2016 : Info: WARNING: Child is hung for request 2483 in component module . Wed Mar 9 18:19:15 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:16 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:19 2016 : Info: WARNING: Child is hung for request 2484 in component module . Wed Mar 9 18:19:24 2016 : Info: WARNING: Child is hung for request 2487 in component module . Wed Mar 9 18:19:26 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:28 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:33 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead). Wed Mar 9 18:19:35 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as dead. Wed Mar 9 18:19:44 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:45 2016 : Error: Discarding duplicate request from client 172.16.1.21 port 45625 - ID: 233 due to unfinished request 2509

Hi

It looks like your radius server/config has some kind of issue, take a look at this thread and see if it helps (it's in multiple parts) http://lists.freeradius.org/pipermail/freeradius-users/2013-March/065439.html

-Gareth
Kombe Kaponda wrote:

The RADIUS server log look like below. how do i deal with the log:

Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead).

I can Ping 10.1.0.60?

Radius Log
Scroll to Bottom

Wed Mar 9 18:18:59 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:00 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:02 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:04 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:07 2016 : Proxy: Marking home server 10.1.0.60 port 1812 alive again... we have no idea if it really is alive or not. Wed Mar 9 18:19:07 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:09 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:10 2016 : Info: WARNING: Child is hung for request 2483 in component module . Wed Mar 9 18:19:15 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:16 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:19 2016 : Info: WARNING: Child is hung for request 2484 in component module . Wed Mar 9 18:19:24 2016 : Info: WARNING: Child is hung for request 2487 in component module . Wed Mar 9 18:19:26 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:28 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:33 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead). Wed Mar 9 18:19:35 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as dead. Wed Mar 9 18:19:44 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:45 2016 : Error: Discarding duplicate request from client 172.16.1.21 port 45625 - ID: 233 due to unfinished request 2509

Is their a way to restart Linux RADIUS service?
Userlevel 6
Kombe Kaponda wrote:

The RADIUS server log look like below. how do i deal with the log:

Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead).

I can Ping 10.1.0.60?

Radius Log
Scroll to Bottom

Wed Mar 9 18:18:59 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:00 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:02 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:04 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:07 2016 : Proxy: Marking home server 10.1.0.60 port 1812 alive again... we have no idea if it really is alive or not. Wed Mar 9 18:19:07 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:09 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:10 2016 : Info: WARNING: Child is hung for request 2483 in component module . Wed Mar 9 18:19:15 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:16 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:19 2016 : Info: WARNING: Child is hung for request 2484 in component module . Wed Mar 9 18:19:24 2016 : Info: WARNING: Child is hung for request 2487 in component module . Wed Mar 9 18:19:26 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:28 2016 : Info: WARNING: Child is hung for request 2501 in component module . Wed Mar 9 18:19:33 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as zombie (it looks like it is dead). Wed Mar 9 18:19:35 2016 : Proxy: Marking home server 10.1.0.60 port 1812 as dead. Wed Mar 9 18:19:44 2016 : Info: WARNING: Child is hung for request 2500 in component module . Wed Mar 9 18:19:45 2016 : Error: Discarding duplicate request from client 172.16.1.21 port 45625 - ID: 233 due to unfinished request 2509

Yes but it depends on the flavour of linux that you are running, ubuntu is like this:

root@kubuntu-1:/home/gareth# /etc/init.d/freeradius restart
[ ok ] Restarting freeradius (via systemctl): freeradius.service.

Check the pid has changed by running this before/after the above:

root@kubuntu-1:/home/gareth# ps aux|grep rad
freerad 16437 0.0 0.4 126196 6944 ? Ssl 13:39 0:00 /usr/sbin/freeradius

make sure radius isn't running, from a command prompt, with root access run Radius in Debug mode to see exactly what is not working.

root@localhost:~# freeradius -XX

once executed, it will show you the details of all the modules and configuration as it loads and gets ready to run.
Still struggling with this issue. Suspect certificate. On the DC when I hit edit on that I just get:
Cannot configure EAP
A certificate could not be found that can be used with this Extensible Authentication Protocol

We are curretly using Autoenroll server certificate to a server running NPS certificate.
Just some background on this issue. We are using an extreme controller C5210 with WS-AP3715I Access Points and are getting a "Unable to connect to RADIUS servers" whenever we want to connect.

The certificates expired on the Windows server DC and now NPS Network policy, can not get certificate. On the DC when we hit edit, we get:

Cannot configure EAP
A certificate could not be found that can be used with this Extensible Authentication Protocol

We have rebooted the radius server and the controller to NO avail.

Any pointers?

Thanks,
Kombe
Userlevel 7
Hello Kombe,

Sorry you are still having issues. I would suggest contacting the GTAC for assistance. Someone can review all of your configurations and assist.
Userlevel 7
Reference: https://gtacknowledge.extremenetworks.com/articles/Solution/IdentiFi-Wireless-802-1x-user-Radius-Aut...

Reply