Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 4 answers
  • Subscribers 29 subscribers
  • Views 33968 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting "the connection failed due to incorrect credentials" when testing Radius connection

rizzah

Hi,

 

I am running UTM for some time and i got among other things the Radius server setup fine there. Im trying to build a XG firewall aside the current one to make an easy switch. Im getting stuck at adding/testing a radius server. On my AD i added 2nd entry with NPS -> Radius clients, aside my current one. On my XG i entered my AD Radius server and then press test connection. It will pop up wiht a username / password question. I tried my domain administrator (with domain\administrator and without), but i keep getting the message that there are incorrect credentials.

I have also tried to limit the shared secret because the original one could have been too long (read this in another post), but this didnt help.

 

What am i doing wrong?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to rizzah

    Hello Peter,

     

    Please try enabling the PAP under authentication method. PAP is used to test the connectivity between XG and RADIUS server. Please refer to below shared screenshot and let me know if this works for you.

     

    Thanks,
    Asad

     

  • 0 in reply to AsadulHasan

    Hi,

     

    I tried your settings, it didnt make a difference. I keep getting the same error.

    I also keep seeing "NTLM authentication FAILED" but when i goto authentication -> servers -> <my added active domain server> and press test connection it goes ok.

    ill add a screendump of a pcap trace.

  • 0 in reply to rizzah

    Hello Rizzah,

     

    From the packet capture, I can see the DNS traffic being forwarded to server so if your server is able to resolve the Damon name, it should work fine. Please open a case with support in order to get this sorted out.

     

    Regards,

    Asadul Hasan