When configuring a device or application for use with JumpCloud RADIUS, users are not able to authenticate. E.g., WiFi or VPN users are not able to connect.
This may be due to one or more reasons:
- Misconfigured device/application
- Configuration mismatch between the RADIUS record in JumpCloud and the device/application
- User is not a member of a group granted access to JumpCloud RADIUS record
- Misconfigured client
- Network problems
- Incorrect credentials
Note: JumpCloud RADIUS servers do not respond to ICMP, so ping will not respond if attempting a basic availability check.
- Make sure the password being used works as expected with the JumpCloud User Portal. Note this will confirm the password, though the portal uses the email address, RADIUS is expecting the username and password, NOT email address and password.
- Verify the public IP address where the requests originate and compare it to the RADIUS record in the JumpCloud Console. This can be done with https://www.whatismyip.com/ or using
# curl ifconfig.cofrom a shell.
- Verify the shared secret. For some devices/applications, complex strings will cause a failure. If this is suspected, change the shared secret to a short alpha/numeric string.
- Verify users are members of a User Group that has been granted access to RADIUS. See Binding Users to Resources.
- Verify port 1812/UDP is being used and the network is not blocking that traffic.
- If the device/application has a testing option and still fails, test the RADIUS connection on an independent device to help narrow where the problem exists. This can be done on Windows with ntradping, or radtest for any os variant with an available FreeRADIUS package.
radtest YOUR_USERNAME "YOUR_PASSWORD" RADIUS_IP 0 "SHARED_SECRET" # radtest myradiususer "mypass" 188.8.131.52 0 "mysecret" Sent Access-Request Id 39 from 0.0.0.0:48164 to 184.108.40.206:1812 length 80 User-Name = "myradiususer" User-Password = "mypass" NAS-IP-Address = 10.128.0.3 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "mypass" Received Access-Accept Id 39 from 220.127.116.11:1812 to 0.0.0.0:0 length 20
If these solutions do not resolve the issue, note the username failing to authenticate, your Organization ID, a timestamp of the attempt(s)/failure(s), if possible, logs from the application/device, and submit a support request for further assistance.