Sometimes, it can be quite challenging to identify the reason, why our authentication requests are being rejected by the RADIUS server.
On Windows platform, one useful tool is NTRadPing Test Utility which can by downloaded from the authors website.
This handy tool produces a simple Authentication Request which will be sent to defined RADIUS server with defined connection parameters and credentials.
In the RADIUS Server reply section, you will see how fast and what response did the server provide. Although it does not support tunneled EAP authentication requests, it can be used to debug basic PAP and CHAP methods.
1. If the provided answer is Access-Accept, the server accepted your authentication request and you should be able to use the wireless network. If you are still experiencing problems, double-check configuration of your wireless router and client’s device.
2. If you see Access-Reject is the answer from RADIUS server, then there might be multiple explanations:
- provided credentials, including the RADIUS Secret key and RADIUS port might be wrong
- User might be disabled
- User’s account might be expired
- User is trying to log in outside assigned Login Time
If this is the case, please double-check user’s account settings.
3. Another output you might see is the message no response from server (timed out). If this is the case, please double-check RADIUS Server IP address and port. If values are correct, your firewall might be blocking outgoing requests. Contact your network administrator to verify if outgoing traffic to servers IP address and UDP port is allowed.
If the problem persists, it might be necessary to try to solve the problem with the RADIUS administrator.
Have you experienced any other problems while trying to authenticate with a RADIUS server?