Legacy RADIUS server IPs will be deprecated on Dec 17, 2018. Please see this KB for more info.

Support Center

Troubleshooting Radius Server Authentication

Symptoms

When configuring a device or application for use with JumpCloud RADIUS, users are not able to authenticate. E.g., WiFi or VPN users are not able to connect.

Cause 

This may be due to one or more reasons:
  • Misconfigured device/application
  • Configuration mismatch between the RADIUS record in JumpCloud and the device/application
  • User is not a member of a group granted access to JumpCloud RADIUS record
  • Misconfigured client
  • Network problems
  • Incorrect credentials
Resolution
 
Note: JumpCloud RADIUS servers do not respond to ICMP, so ping will not respond if attempting a basic availability check.
  1. Make sure the password being used works as expected with the JumpCloud User Portal. Note this will confirm the password, though the portal uses the email address, RADIUS is expecting the username and password, NOT email address and password. 
  2. Verify the public IP address where the requests originate and compare it to the RADIUS record in the JumpCloud Console. This can be done with https://www.whatismyip.com/ or using # curl ifconfig.co from a shell.
  3. Verify the shared secret. For some devices/applications, complex strings will cause a failure. If this is suspected, change the shared secret to a short alpha/numeric string.
  4. Verify users are members of a User Group that has been granted access to RADIUS. See Binding Users to Resources.
  5. Verify port 1812/UDP is being used and the network is not blocking that traffic.
  6. If the device/application has a testing option and still fails, test the RADIUS connection on an independent device to help narrow where the problem exists. This can be done on Windows with ntradping, or radtest for any os variant with an available FreeRADIUS package.
radtest YOUR_USERNAME "YOUR_PASSWORD" RADIUS_IP 0 "SHARED_SECRET"

# radtest myradiususer "mypass" 18.204.0.31 0 "mysecret"
Sent Access-Request Id 39 from 0.0.0.0:48164 to 18.204.0.31:1812 length 80
User-Name = "myradiususer"
User-Password = "mypass"
NAS-IP-Address = 10.128.0.3
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mypass"
Received Access-Accept Id 39 from 18.204.0.31:1812 to 0.0.0.0:0 length 20 
 


If these solutions do not resolve the issue, note the username failing to authenticate, your Organization ID, a timestamp of the attempt(s)/failure(s), if possible, logs from the application/device, and submit a support request for further assistance. 

 
 

Last Updated: Nov 30, 2018 04:42PM MST

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete