Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bryce_Myers
Collaborator

Radius on Gaia Embedded

Does anyone here have Radius configured on their Gaia Embedded boxes?

I have it working fine from the CLI, but when someone tries to login to the WebUI it instantly returns "invalid username or password".  I am currently running R77.20.51 on these boxes.  I did a tcpdump and I see the radius traffic when a CLI attempt is made, but no radius traffic when an attempt is made from the WebUI.

I went through the Gaia Embedded documentation related to radius and I didn't see anything about this being a known limitation.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

It appears that certain characters in the RADIUS shared secret are problematic for logging in via the WebUI.

This was an issue targeted to be resolved in the R77.20.60 release, which can be downloaded here: R77.20.60 for Small and Medium Business Appliances 

If this doesn't resolve the issue, I recommend opening a TAC case.

0 Kudos
Bryce_Myers
Collaborator

Thanks Dameon -- I'm opening up a case with our engineers and I'll see if they have the same "fix".

0 Kudos
Bryce_Myers
Collaborator

R77.20.60 fixed our Radius issues.

The issue wasn't with the shared secret, rather which characters the WebUI will accept vs the CLI.

Prior to R77.20.60 if you used certain special characters in the WebUI - it would instantly tell you bad username/password.

0 Kudos
Pedro_Espindola
Advisor

I have no problem with it. All I did was run this commands in clish:

set radius-server priority 1 ipv4-address X.X.X.X udp-port 1812 shared-secret <shared-secret> timeout 5
set administrators radius-auth enable use-radius-groups false permission read-write

Try to use a shared-secret with only letters and numbers for testing as Dameon suggested.

0 Kudos
Kurtis_Johnson
Employee
Employee

Also note, there are advanced settings for modifying the RADIUS timeouts.  When using 2FA, you would be best to allow users more time to answer phone call/text or enter a TOTP code.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events