Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Anton_Kazantsev
Contributor

RADIUS as a authentication factor for new clients

Trying to authenticate new cilents (E65 and above) or mobile access portal with RADIUS as authentication factor. Gateway sends in log "Failed to generate RADIUS auth request". Same setting for older vpn client works great. 

Maybe its a known "fetature"?

8 Replies
PhoneBoy
Admin
Admin

My understanding is the actual RADIUS connection comes from the gateway not the client itself, with the client merely sending the request to the gateway.

I'd open a TAC case on this issue: Contact Support | Check Point Software 

0 Kudos
Hugo_vd_Kooij
Advisor

Have toy defined the server as Radius version 1 or Radius version 2?

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Anton_Kazantsev
Contributor

I had two RADIUS servers. 1st - v2, 2nd - v1

Both sends "Failed to generate RADIUS auth request" in logs

Anton_Kazantsev
Contributor

It seems I resolved this issue. Because SmartConsole does not enforce restrictions on names of Radius server object, I named it with spaces, but SmartDashboard said that spaces are prohibited and replaces it with underscore. After that I can authenticate with radius on new multi-login options.

I'll check it out more

AK2
Collaborator

Found this very helpful thanks - got the same error and same solution - My Radius Server was called "Radius Primary" - renaming it to RadiusPrimary removed the error. 

enapp
Explorer

In my case my device is 1500 Locally Managed, the error message is the same but I am using Active Directory instead of RADIUS.

Checking the Security Log it reports Authentication Method: RADIUS.

Any advise?

0 Kudos
Duane_Toler
Advisor

Check your LDAP Account Unit object, "Authentication" tab.  You might have either the Default template or the the default authentication set as RADIUS.  You can also check the Default template user properties and its "Authentication" property.

0 Kudos
enapp
Explorer

Hi Duane,

It is working. I ended up removing the AD Group,  disabling the Remote Access and reconfigured from the scratch. I changed also the Certificate Authentication to Manually choose a VPN certificate: Default VPN and  and Cluster Certificate.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events