hasflex.blogg.se - Radius login incorrect

Review the debug logs on the RADIUS server.

Also make sure that the ports that the RADIUS server uses are allowed through any firewalls which might be between the RADIUS server and the SRX.

If the authentication order is correct, check the RADIUS server reachability from the SRX.Below is an example of a profile with the authentication order set to only use RADIUS authentication: show access profile user-auth-profile authentication-order radius

If no authentication-order statement is included, the default behavior is to use local and then RADIUS (if a RADIUS server is defined). We can check the authentication order using the show access output or specifically using the command show access profile authentication-order. Since more than one authentication method can be specified, make sure that your authentication-order is correct.

If the access profile is correct, check the authentication order.

Make sure the profile listed here is the profile you intended to use.

When users authenticate from the page /dynamic-vpn/, the system will check what profile should be used based on what is listed under security -> dynamic-vpn -> access-profile. An example access profile is as show security dynamic-vpnġ72.30.73.206 secret "$ABC123" # SECRET-DATA If after re-entering the username and password, you still receive 'Invalid username or password specified', examine the access configuration on the SRX using the command show access or show access profile.The username may be case sensitive, depending on the RADIUS server. If you have not already tried, re-enter the username and password.To determine the issue, perform the following steps: The RADIUS server may be imposing an authentication restriction which we do not meet.The RADIUS server may not be reachable.

The RADIUS server may not be accepting PAP authentications.An incorrect shared secret is specified for SRX to Radius connection.The username or password entered does not match the username and password configured on the RADIUS server.Username or password was not typed in correctly.The 'Invalid username or password specified' error can occur under the following conditions: NOTE: If you are using local authentication (where the SRX is authenticating and assigning the IP addresses), instead refer to KB17420 - Error “Invalid username or password specified” when trying to login to Dynamic VPN page (using Local Authentication).