locked
ATA 1.8 Radius / VPN Accounting RRS feed

  • Question

  • I have ATA setup to forward 1813 Accounts requests from NPS to my DC's which both run the ATA light Directory Gateway.

    I have a very simple question which I was unable to find anywhere in the ATA 1.8 docs.

    - I enabled VPN\RADIUS Accounting

    - Setup the same shared secret as the members of the Remote Radius Server Group

    - Altered the Connect Request Policy to forward RADIUS accounting information to the Remote Radius Server Group

    - Made sure ports 1812 and 1813 UDP are open on the DCs.

    - I run netstat -ano on one of the DC's and do not see ports 1812 or 1813 advertised?

    - I look at the NPS logs and see the RADIUS accounting requests being forwarded to the Remote Radius Server Group.

    So my question is. Is VPN / Radius Listener available on the Light Directory Gateway or do I need a full Gateway?

    Thanks for the help.

    Monday, August 14, 2017 12:24 AM

All replies

  • If you use the command below on Gateway, you should see the output in the screenshot below.

    netstat -nao  | find "1813"



    Just for double check the radius configuration, you can search the key word "RadiusEventListenerConfiguration" from the log file Microsoft.Tri.Gateway, which is located at C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs on the ATA Lightweight Gateway.

    If the radius event is enabled, you should see the parameter 'IsEnabled' set as "true". Please see the following info.

    "RadiusEventListenerConfiguration": {
        "UdpListenerConfiguration": {
          "IsEnabled": true,
          "Port": 1813,
          "ReceiveBufferSize": "20 MB"
        },

    By the way, what's the version of the OS running on the domain controller?

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 14, 2017 2:26 AM
  • Thanks Andy. Super helpful. Appreciate it.

    We are running 2016 across the board.

    We can see the RADIUS account port showing  up on the light directory gateway (LDG).

    We can now see the RADIUS packets arriving at the LDG. Any way to see what ATA is doing with these events in one of the logs?


    • Edited by V J Meyer Tuesday, September 19, 2017 5:59 PM Facts
    Tuesday, September 19, 2017 5:53 PM
  • Same question here, is there a way to see the accounting data in the ATA data store so that we can verify it is being received and processed?

    Is there a MongoDB area we should check using the command line query?

    Thursday, November 9, 2017 5:05 PM
  • Any updates on this?

    We also having trouble getting the radius data from our Cisco ASA imported to ATA.
    Tuesday, March 13, 2018 3:08 PM
  • We are trying to do same setting here, but we do have a question here, hopefully the expert on this post provide the answer.

    Our ASA VPN user do authentication/authorization with Cisco ACS, but do we have a chance to send the aaa accounting info to the ATA ?

    we have contacted with Cisco, they are say the authentication/authorization/accounting must be homed on the single AAA server, is that true?

    Thanks, 

    Friday, July 13, 2018 3:38 PM