
Netscaler ADC NS12.1 build 55.18.Nc RADIUS unable to login with admin account


Hi,

 

I have the following: I have configured my NetScaler for RADIUS auth and can see in a network trace that the RADIUS is accepting my request, getting back an Access-Accept message.

I am using group attribute ID class 25 and have created the group locally on the ADC appliance.

See attachment for the RADIUS Access-Accept message.

 

In the aaa debug log I am getting:

 

 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/naaad.c[5310]: start_cascade_auth 0-31: starting cascade authentication
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/radius_drv.c[772]: continue_radius_auth 0-31: RADIUS auth: Starting RADIUS authentication for user username @ radiusserverip
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/radius_drv.c[671]: make_radius_request 0-31: RADIUS auth: Making radius request for user username
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/naaad.c[5662]: register_timer 0-31: setting timer 14
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/radius_drv.c[2061]: process_radius 0-31: Got RADIUS event
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/naaad.c[5739]: unregister_timer 0-31: releasing timer 14
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/radius_drv.c[2083]: process_radius 0-31: RADIUS auth: Radius server  rejected: Invalid credentials for user username
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/naaad.c[4781]: send_reject_with_code 0-31: Not trying cascade again 4001
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/naaad.c[4783]: send_reject_with_code 0-31: sending reject to kernel for : adm_frde
Thu Mar  5 11:41:06 2020
 /home/build/rs_121_55_4_RTM/usr.src/netscaler/aaad/naaad.c[4801]: send_reject_with_code 0-31: Rejecting with error code 4001
Thu Mar  5 11:41:13 2020

 

 

My RADIUS CONFIG:

 

add system group admins
add authentication radiusAction NPS -serverIP IPSERVER -serverPort 1812 -radKey radiuseky -encrypted -encryptmethod ENCMTHD_3 -radNASid citrix -radAttributeType 25 -passEncoding mschapv2
set aaa parameter -maxAAAUsers 4294967295
add authentication Policy RADIUS-AUTH-SYSTEM -rule true -action NPS
bind system group admins -policyName superuser 100
bind system global RADIUS-AUTH-SYSTEM -priority 100 -gotoPriorityExpression NEXT

 

Any pointers on where to start looking?

 

Frederik

 

radius-accept.PNG


From what I can see in this aaa.debug log, your authentication fails because of invalid credentials. That's ADC's truth. Unfortunately I don't have a RADIUS server to play with, so I can't try to reproduce your issue. This is definitely not a known issue! I would rather guess it's some kind of misunderstanding. Which type of RADIUS are you using?

 

Greetings from Austria

 

Johannes Norz

CTA, CCI, CCE-N
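
As an added example (not part of either post and not Citrix code), this script reduces an aaad debug trace in the layout quoted in the question to the fields the reply reads from it: user, server, rejection reason and error code. The sample log is constructed from the lines in the question, and treating the `0-31` tag as a per-request identifier is an assumption.

```python
import re

# Constructed sample in the aaad.debug layout quoted in the question
# (build path shortened; user name and code mirror the thread).
SAMPLE = """\
 /usr.src/netscaler/aaad/radius_drv.c[772]: continue_radius_auth 0-31: RADIUS auth: Starting RADIUS authentication for user username @ radiusserverip
Thu Mar  5 11:41:06 2020
 /usr.src/netscaler/aaad/radius_drv.c[2061]: process_radius 0-31: Got RADIUS event
Thu Mar  5 11:41:06 2020
 /usr.src/netscaler/aaad/radius_drv.c[2083]: process_radius 0-31: RADIUS auth: Radius server  rejected: Invalid credentials for user username
Thu Mar  5 11:41:06 2020
 /usr.src/netscaler/aaad/naaad.c[4801]: send_reject_with_code 0-31: Rejecting with error code 4001
Thu Mar  5 11:41:13 2020
"""

# Record layout: <source path>[<line>]: <function> <tag>: <message>
RECORD = re.compile(
    r"^\s*(?P<src>\S+)\[(?P<line>\d+)\]:\s+(?P<func>\w+)\s+(?P<tag>\d+-\d+):\s+(?P<msg>.*)$")
STARTED = re.compile(r"Starting RADIUS authentication for user (\S+) @ (\S+)")
REJECTED = re.compile(r"rejected:\s*(.+?) for user (\S+)")
CODE = re.compile(r"Rejecting with error code (\d+)")


def parse(text):
    """Return one dict per aaad record; timestamp-only lines do not match."""
    return [m.groupdict() for m in map(RECORD.match, text.splitlines()) if m]


def summarize(text):
    """Collapse the records into one verdict per tag (assumed: one tag per request)."""
    out = {}
    for rec in parse(text):
        s = out.setdefault(rec["tag"], {"user": None, "server": None,
                                        "reason": None, "logged_at": None, "code": None})
        if m := STARTED.search(rec["msg"]):
            s["user"], s["server"] = m.groups()
        elif m := REJECTED.search(rec["msg"]):
            s["reason"] = m.group(1)
            # Source file and line that logged the rejection, handy for a support case.
            s["logged_at"] = f'{rec["src"].rsplit("/", 1)[-1]}:{rec["line"]}'
        elif m := CODE.search(rec["msg"]):
            s["code"] = int(m.group(1))
    return out


if __name__ == "__main__":
    for tag, verdict in summarize(SAMPLE).items():
        print(tag, verdict)
```
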
