Symptoms
When configuring a device or application for use with ºÚÁϺ£½Ç91Èë¿Ú RADIUS, users are not able to authenticate. E.g., Wi-Fi or VPN users are not able to connect.
Cause
This may be due to one or more reasons:
- Misconfigured device/application
- Configuration mismatch between the RADIUS record in ºÚÁϺ£½Ç91Èë¿Ú and the device/application
- User is not a member of a group granted access to the ºÚÁϺ£½Ç91Èë¿Ú RADIUS record
- Misconfigured client
- Network problems
- Incorrect credentials
Resolution
Note: ºÚÁϺ£½Ç91Èë¿Ú RADIUS servers do not respond to ICMP, so ping will not get a reply if you use it as a basic availability check.
- Make sure the password being used works as expected with the . Though the portal uses the email address, RADIUS expects the username and password, NOT email address and password.
- When authenticating with delegated auth for Entra ID, the UPN in Entra ID should match the company email address in ºÚÁϺ£½Ç91Èë¿Ú, and the user should be using this attribute for their RADIUS login.
- If your IdP is ºÚÁϺ£½Ç91Èë¿Ú, make sure the credentials being used are ºÚÁϺ£½Ç91Èë¿Ú credentials; if the IdP is Entra ID, make sure they are Entra ID credentials.
- Verify the public IP address where the requests originate and compare it to the RADIUS record in the ºÚÁϺ£½Ç91Èë¿Ú Console. This can be done with or using
# curl
from a shell.
- Verify the shared secret. For some devices/applications, complex strings will cause a failure. If this is suspected, change the shared secret to a short alpha/numeric string.
- Verify users are members of a User Group that has been granted access to RADIUS. See Binding Users to Resources.
- Make sure that users are in an active state.
- Verify port 1812/UDP is being used and the network is not blocking that traffic.
- Make sure you have not missed a step in the certificate or profile installation. See Update RADIUS Certificates on Existing EAP-TTLS Client Systems.
- If the RADIUS client has a testing option and still fails, test the RADIUS connection on an independent device, such as a computer with an internet connection that uses the public IP address configured in both your RADIUS client and ºÚÁϺ£½Ç91Èë¿Ú endpoint. This pinpoints whether the error is in your RADIUS client configuration or in the connection to one of our RADIUS endpoints.
Use one of the following third-party tools to test:
Note: You must input the following parameters to receive a valid request response from both tools:
- Destination ºÚÁϺ£½Ç91Èë¿Ú RADIUS server IP address with UDP port number 1812.
- The RADIUS NAP IP attribute or public IP address provided by your ISP or cloud provider, along with the NAS port number (typically 61).
- An active ºÚÁϺ£½Ç91Èë¿Ú username or email address and password that's bound to your ºÚÁϺ£½Ç91Èë¿Ú RADIUS endpoint.
- For Windows devices, use by unzipping the file and selecting Run as administrator on the executable. Ensure the Request type field is set to Authentication Request.
- For macOS & Linux, use the from that requires the . Once the Homebrew package manager is installed on your device, enter the following command:
brew install freeradius-server
Use the following syntax for radtest in your Unix terminal:
radtest -t mschap username password 18.204.0.31:1812 61 sharedsecret -4 INSERT_PUBLIC_IP
Note: You can exclude -t mschap to test with the PAP protocol.
If your authentication attempt was successful, you will receive a response message of Access-Accept.
You can also verify these results in both the Directory Insights portal and the RADIUS section of your Admin Portal by navigating to Details > Network Device Details of your ºÚÁϺ£½Ç91Èë¿Ú endpoint.
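The PAP test that radtest performs can also be scripted. The following is an added example, not part of the original article or the vendor's tooling: it builds an Access-Request as defined in RFC 2865 and classifies the reply, so that a reply that fails Response Authenticator verification (shared secret mismatch) is told apart from an ordinary Access-Reject (bad credentials or no group access). The function names, the 5-second timeout and the default values are assumptions made for this example.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding (PAP), chained MD5 masks."""
    n = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(n, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, n, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, nas_ip, nas_port=61,
                         ident=1, req_auth=None) -> bytes:
    """Code 1 packet with User-Name, User-Password, NAS-IP-Address, NAS-Port."""
    req_auth = req_auth or os.urandom(16)
    attrs = (attr(1, user.encode())
             + attr(2, hide_password(password.encode(), secret, req_auth))
             + attr(4, socket.inet_aton(nas_ip))
             + attr(5, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def classify_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Verify the Response Authenticator before trusting the reply code."""
    if len(reply) < 20 or reply[1] != request[1]:
        return "malformed-or-unrelated"
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return "malformed-or-unrelated"
    body = reply[:length]
    expected = hashlib.md5(body[:4] + request[4:20] + body[20:] + secret).digest()
    if not hmac.compare_digest(expected, body[4:20]):
        return "secret-mismatch"   # reply was signed with a different shared secret
    return {2: "Access-Accept", 3: "Access-Reject",
            11: "Access-Challenge"}.get(body[0], "unexpected-code")

def probe(server: str, request: bytes, secret: bytes, timeout: float = 5.0) -> str:
    """Send over UDP/1812. A timeout points at blocked traffic or a source IP
    the server does not know (RFC 2865: unknown clients are silently discarded)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (server, 1812))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_reply(reply, request, secret)
```

Call `probe()` with the request from `build_access_request()`, passing the shared secret as bytes and the public IP from your RADIUS record as `nas_ip`.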
If these solutions do not resolve the issue, note the username failing to authenticate, your Organization ID, a timestamp of the attempt(s)/failure(s), and, if possible, logs from the application/device, then submit a support request for further assistance.