Jump to content
Welcome to our new Citrix community!

RADIUS authentication failing - Azure MFA extension


vin pathak

Recommended Posts

having rolled out RADIUS on our NS 12.x environment, we've come across a really strange issue:

- authentication gets pushed to the NPS server, and the user gets prompted to approve/deny the connectivity

- user approves, and the NPS logs show " Access Accepted for user ", however access is denid

- Netscaler Authentication logs show: "rejected: Invalid credentials for user vin.pathak"

- wireshark shows: access-accepted id=176

- timeout set to 60 across the board

 

really strange one... and of course, not help thus far from Citrix support. 

has anyone come across this before?

Link to comment
Share on other sites

Hi Carl,

i put the RADIUS policy in primary, bound at 90. 

This is failing in production, so i've added a second LDAP policy in primary at 100 - basically operating like a failover until i can get things sorted....

 

the same log appears for with/without the LDAP binding though...

 

Link to comment
Share on other sites

  • 3 months later...

The outcomes here with Citrix support was that this was a bug with the OS. 

The config was correct, however with  12.0 53.13, when you configure a RADIUS server, and input the 'shared secret' there is the option to 'test' the connection. 

 

The feedback i got from Citrix was:

  • if you click 'test', it will say 'successful', but the bug kicks in and the connection wont work
  • if you DONT click 'test', then the secret saves correctly and the connection works without issue. 

indeed, this resolved the issue for us...

according to support this was fixed in the next OS release...

 

Sorry for the late update!

  • Like 2
Link to comment
Share on other sites

  • 3 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...