03/26/2020 43 People found this article helpful 455,702 Views
Trouble shooting a scenario where wireless users were not able get authenticated through RADIUS server
SCENARIO / SYMPTOM
• Internal wireless(W0) is being used
• Authentication WPA2-EAP
• The authentication goes through fine from SNWL
User ->Settings-> Test Radius users
• SNWL LAN IP was added as radius client on the server and a Network Policy was added for the same
Conditions were configured as follows:
• Users groups were added (Wireless group on the AD )
• Configured SNWL LAN IP as NAS IPv4 & Client IPv4
• Was using both PEAP & EAP methods
• MSCHAP V2, MSCHAP authentication types are already configured
• But still the wireless users are unable to get authenticated from Radius
• Tried by bridging the interface X0 and W0 but to no avail
• Tried to upgrade the firmware of the SNWL to 5.8.1.15(General Release) and tested. Still no resolution
• The packet capture on SNWL shows Access request sent from the SNWL, but server was sending Access reject back
• It gives the error ‘user credentials are incorrect’, although the same user, was able to authenticate from the SNWL radius test page
• Created a new test user on the Customer’s LDAP server, still to no avail. Same error was thrown
RESOLUTION/WORKAROUND
Turned off ‘Guest services’ under Zones and then the Wireless users were able to get authenticated
Note:
Related KB article:
Configuring RADIUS authentication for Global VPN Clients with Network Policy and Access Server from Microsoft Windows 2008 (With video tutorial of Radius Authentication)
URL: https://www.fuzeqna.com/SonicWallkb/ext/kbdetail.aspx?kbid=6591