RADIUS authentication isn't working
Hey community,
I'm having a problem configuring AD based RADIUS authentication using a SonicWall TZ400 and SonicPoint ACe in my lab. I'm testing this for an upcoming project but I can't resolve the problem.
When configuring RADIUS on the SonicPoint I'm receiving the following message
NAT policies and access rules are configured. The RADIUS server (NPS) is connected to the SonicWall via LAN and the SonicPoint is available via X3 interface. Without RADIUS auth the WiFi is working fine. SonicWall and SonicPoint are configured as RADIUS clients on the NPS.
I also tested RADIUS auth with UniFi which was working fine too.
Can anybody help please?
Thanks in advance.
Answers
Hi TDR
For your current Test-Setup, ignore the recommendation to create NAT Rules, the ACLs will suffice. (Adding NAT rules can play a supportive role when you have multiple APs and you do not want to add each and every AP as a RADIUS Client within your NPS Server. In this case you would source-NAT each AP's IP Address into a single IP which will be the only one you add in NPS.) However you only have one AP.
ACL 110 should be sufficient. Delete ACL 27 (there is no connection from Radius Server to the AP necessary)
Delete NAT 6 and 7 (not required).
Then bring up packet capture to capture Traffic on Port tcp1812 or tcp1645 from the AP to the Radius Server, they should show up as "forwarded".
If packets are forwarded. Continue diag on NPS Logs for incoming radius messages.
IIRC NPS Radius secrets have a minimum # of characters. Try with 12 chars minimum for the secret.
Directly adding the single APs IP-Address instead of doing the "NAT-Trick" (for multiple APs) is for making troubleshooting easier.
Packet capture is the way to go. If you see the connection there, then you know you need to look for errors in the NPS Logs on Windows. You should see messages coming in there. Also keep the Windows firewall in mind to allow RADIUS messages coming in.
This KB should be of help. It includes the "NAT trick" which is handy if you need to add multiple APs from WLAN Zone to LAN.
Here the APs' IP Addresses are NATted into the X3 Interface address. With that you only need to add the X3 IP Address into NPS as a client.
For help in using Packet captures reach out to our support via phone (with active support contract). https://www.sonicwall.com/de-de/support/contact-support/
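To make the packet capture and NPS log advice above concrete, here is an added example (not code from this thread, from SonicWall or from Microsoft) of the RADIUS exchange the AP and NPS are having on UDP 1812/1645, implemented in plain Python from RFC 2865 and RFC 2869. It shows the three places the shared secret is used: hiding User-Password in the Access-Request, keying the Message-Authenticator the server checks, and keying the Response Authenticator the AP checks on the reply. The AP address 192.168.3.2, the account "lab-user" and the passwords and secrets are constructed for the demo; the "discarded" outcome models what a server does with a request whose secret does not match (no reply, only a log entry), which is the symptom the thread ends up chasing in the NPS logs.

```python
"""In-memory RADIUS Access-Request / Access-Accept exchange (RFC 2865 / RFC 2869).
Added example; all addresses, names, passwords and secrets are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 2, 4, 80


def attr(kind, value):
    """One RADIUS attribute: type, length (including the 2 header bytes), value."""
    return bytes([kind, 2 + len(value)]) + value


def xor_password(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # chaining always uses the ciphertext block
    return out


def build_access_request(ident, username, password, secret, request_auth=None):
    """NAS (access point) side: hide the password, then sign the packet with HMAC-MD5."""
    request_auth = request_auth or os.urandom(16)
    raw = password.encode()
    padded = raw + b"\x00" * (-len(raw) % 16)
    attrs = (attr(USER_NAME, username.encode())
             + attr(USER_PASSWORD, xor_password(padded, secret, request_auth, decrypt=False))
             + attr(NAS_IP_ADDRESS, bytes([192, 168, 3, 2])))  # constructed AP address on X3
    # Message-Authenticator is computed over the packet with its own value zeroed (RFC 2869 5.14).
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs) + 18) + request_auth
    zero_ma = attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    mac = hmac.new(secret, header + attrs + zero_ma, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)


def parse_attrs(packet):
    """Return {type: value} for the attributes following the 20-byte header."""
    attrs, i = {}, 20
    while i < len(packet):
        kind, length = packet[i], packet[i + 1]
        attrs[kind] = packet[i + 2:i + length]
        i += length
    return attrs


def message_authenticator_ok(packet, secret):
    """Server side: recompute the HMAC with the attribute value zeroed and compare."""
    zeroed, i, received = bytearray(packet), 20, None
    while i < len(packet):
        kind, length = packet[i], packet[i + 1]
        if kind == MESSAGE_AUTHENTICATOR:
            received = bytes(packet[i + 2:i + length])
            zeroed[i + 2:i + length] = b"\x00" * 16
        i += length
    if received is None:
        return False
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


def server_handle(packet, secret, users):
    """Server side: a bad Message-Authenticator means the request is logged and dropped
    (no reply, so the NAS only sees a timeout); otherwise answer Accept or Reject."""
    if not message_authenticator_ok(packet, secret):
        return None
    ident, request_auth = packet[1], packet[4:20]
    attrs = parse_attrs(packet)
    username = attrs[USER_NAME].decode()
    password = xor_password(attrs[USER_PASSWORD], secret, request_auth, decrypt=True)
    password = password.rstrip(b"\x00").decode(errors="replace")
    code = ACCESS_ACCEPT if users.get(username) == password else ACCESS_REJECT
    return build_response(code, ident, request_auth, secret)


def response_ok(response, request_auth, secret):
    """NAS side: verify the Response Authenticator before trusting Accept/Reject."""
    head, got, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(head + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, got)


def run_exchange(nas_secret, server_secret, username, password, users):
    """Run one request/response in memory and classify the outcome as the NAS sees it."""
    request = build_access_request(7, username, password, nas_secret)
    response = server_handle(request, server_secret, users)
    if response is None:
        return "discarded"     # secret mismatch: server dropped it, NAS times out
    if not response_ok(response, request[4:20], nas_secret):
        return "bad-response"  # reply does not verify under the NAS secret
    return "accept" if response[0] == ACCESS_ACCEPT else "reject"


USERS = {"lab-user": "Correct-Horse-Battery"}  # constructed test account

if __name__ == "__main__":
    same = b"sharedsecret1234"
    print(run_exchange(same, same, "lab-user", "Correct-Horse-Battery", USERS))  # accept
    print(run_exchange(same, same, "lab-user", "wrong", USERS))                  # reject
    print(run_exchange(same, b"typo-on-the-nps!", "lab-user", "Correct-Horse-Battery", USERS))  # discarded
```

The third call is the case worth recognising in a lab: the packet capture shows the Access-Request leaving the AP and being forwarded, but nothing comes back, and the only evidence of why is the server's own log of the discarded request. That is why the answer above moves from the firewall capture to the NPS logs once the packets are seen to be forwarded.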
Hi Stephan,
Thank you for the comment.
Based on your steps I was able to resolve the problem. After checking the packet capture I was able to exclude problems caused by access rules or NAT rules. NPS logs finally led me to the source of my issues.