This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

802.1 X AD Auth with Nacmanager 8.1.1.41 and EWC 10.41 dont ́t work

info_systemhaus
New Contributor II

‎02-18-2018 12:43 PM

I want to bring a new installed EWC and NAC Manager with the last Firmware together and activate 802.1 X on a special SSID

i have configured . shared Secret /LDAP Connection and so on
and all the other things on both sides.

When a wirless Client try to connect there is into the nac manager console only to see :

Failing proxied request for user "XXXXXX@itgnt.local", due to lack of any response from home server 192.168.44.8 port 1812

and

Unable to contact RADIUS server: 192.168.44.8

But this IP is the Radius Server himself !! Why has the nacmanager a problem to contact his own radius Server ?

When I mak the test with Radius on the VNS of the Wireless Controller then comes :

The Radius Server did not authenticate the user TEST123 on ITGNTAD VNS.
Error: RADIUS_CLIENT_INTERNAL_ERROR.

If you ask.. of course i have restartet the nac manager appliance 3 or 4 times..

Who could give me some Tips for Troubleshooting ?

Regarrds

Christian

0 Kudos
6 REPLIES 6

Ostrovsky__Yury
Extreme Employee

‎02-18-2018 07:09 PM

Are those AD independant or they have trust relashionship?
0 Kudos

info_systemhaus
New Contributor II

‎02-18-2018 06:38 PM

THX i will try this next day

but BTW.. we have customers Using 3 or 4 Windows Domains with a extreme wireless solution, what can i do if i have 2 or more Windows Domains and i need LDAP Auth ?

Chris

0 Kudos

Ostrovsky__Yury
Extreme Employee

‎02-18-2018 06:29 PM

Looks correct to me . Try to see the logs - ssh to NAC appliance and tail -f /var/log/radius/radius.log to see what is complaining about.
Btw , if you going to use 802.1X authentication on the wireless and your LDAP is Windows AD , you need to make sure that NAC did "join" the domain . To check that , issue the command "wbinfo -t" from the ssh , you should see if the appliance successfully joined the domain (it should be just one line as the output with Success meaning in it) . If it spits you a bunch of line with with errors - e.g. "cannot find domain " etc... then you need to fix that first.
0 Kudos

info_systemhaus
New Contributor II

‎02-18-2018 05:41 PM

Hello Yury,

i tried first time to deal with the html "Surface" .. Now i found the Point that i can Switch to "Advanced" Mode and the window changed. .
What is the right order ?

Of Course Radius Secret is changed .. i have an other SSID which is doing mac Auth for some devices Without Security and this works fine

Look at the Picture . . how should the order of Auth methods be ?

7efedbd6f5ac4407b61abd85762eb823_RackMultipart20180218-19166-1yaaybn-Auth_Order_inline.png

0 Kudos
GTM-P2G8KFN