Radius Authentication Failure: Timeout

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Radius Authentication Failure: Timeout

L0 Member

Issue: Authentication failure when using AD Account 

Log: Authentication Timeout to server 

 

Setup:

PanOS Version: 10.1.1

Panorama is not used 

NPS Installed on Windows Server 2016

Radius Server Profile Created

Authentication Profile Created 

Admin Role Created

Linked in Setup

NPS Client and Policy Created( 25461 - uses created admin role, uses PAP)

 

Tested:

Tested Policies on dev and worked 

 

Possible issue: 

The Authentication setting has second gear that sates "Stack Override:" not present in dev. 

 

Question:

Is it Possible that the override is changing my settings and pointing to a local login instead?

 

 

 

1 REPLY 1

Cyber Elite
Cyber Elite

Hello

I am running 10.1.1 and I too have the same orange "override" gear, so that is part of the operating system for 10.1.1

If you have your auth profile to Radius, then should be working.

CLI into the firewall and issue:

 

tail follow yes mp-log authd.log (confirm my synatax..) and watch as your user attempts to authenticate.

just keep in mind that the FW is not failing your authentication... your Radius server is... and the FW merely acts a the messenger to say "invalid username or password" or similar.

 

As a test, try to create a local users (not admin account user) but under Device ==> Local Users.  And create an auth profile, pointed back to that local user.   If auth works locally (where the FW is the authentication server), but fails when you change to LDAP or Radius, this will confirm/illustrate that either your auth profile is incorrect (IP, shared secret, service account name, port name, etc.)

Please help out other users and “Accept as Solution” if a post helps solve your problem !
  • 3621 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!