none
UAG with RADIUS authentication RRS feed

  • Question

  • Hi,

    I'm installing a new implementation of UAG but am struggling to get RADIUS authentication to work. We already have NPS installed, and I've added the additional policies as described in the documentation (http://technet.microsoft.com/en-us/library/dd857268.aspx). We don't have any NAP health policies yet. The NAP network policy just checks that the user account is a member of a particular domain group. When attempting to login to the portal page the error "Authentication Failed" is displayed. The only information on what seems to be happening is in the Application Event Log of the UAG server and the RADIUS server log (see below). The RAIDUS log entry seems to mention a different policy name to the one I'm expecting it to use, it mentions the policy we have setup to secure our wireless access rather than the policy I've setup for UAG use. Could this be something to do with the order of the policies?

    I've tried the setup with Active Directory authentication and it all works fine, so this appears to be something to do with the RADIUS setup. Anyone have any pointers? I've been through the points here: http://www.axlradius.com/clientdocs/docs/RadClientGuide/RADIUSTrouble.html

    Event ID 14 from Application Event Log of RADIUS server

    User username with source IP address IP address of machine failed to log into trunk trunkname (secure=0) using authentication server RADIUS with session ID 8F044E1D-E6F9-40FF-9FAD-1488946818C4. Error code is Failed to authenticate.

    From RADIUS server log

    "radius server name ","IAS",05/06/2010,09:37:30,1,"username ","domain\username ",,,,,,"127.0.0.1",,311,"ip address of UAG server ","UAG servername ",,,,,,,1,"Network Policy Name ",0,"311 1 ::1 05/05/2010 08:39:36 19296",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
    "radius server name ","IAS",05/06/2010,09:37:30,3,,"username ",,,,,,,,311,"ip address of UAG server ","UAG servername ",,,,,,,1,"Network Policy Name ",66,"311 1 ::1 05/05/2010 08:39:36 19296",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,

     

    Would anyone have any ideas or pointers on this?

    Thanks

    Thursday, May 6, 2010 9:03 AM

Answers

All replies