Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using RADIUS Agent for Transparent User Identification > RADIUS Agent troubleshooting > RADIUS server Event Log warnings or error messages
RADIUS server Event Log warnings or error messages
Using RADIUS Agent | Web Security Solutions | Version 7.7, 7.8
The RADIUS server Event Log can be helpful in determining the cause of VPN connection or authentication problems, and in distinguishing whether the problem lies in RADIUS Agent or VPN setup.
RADIUS Accounting is not enabled on the RADIUS server
With some RADIUS servers (Microsoft IAS for example), RADIUS Accounting must be enabled so that RADIUS Agent can get the IP address of the RADIUS client.
The RADIUS server should include the attributes User-Name and Framed-IP-Address in authentication and accounting messages. RADIUS Agent uses the values of these attributes to interpret and store user name/IP address pairs. If your RADIUS server does not generate this information by default, configure it to do so. See your RADIUS server documentation for instructions.
RADIUS Agent has not been added as a client to the RADIUS server
Configure your RADIUS server to use Websense RADIUS Agent as a proxy. This involves adding RADIUS Agent as a client to the RADIUS server.
See your RADIUS server documentation for instructions on configuring a proxy.
*
If you have multiple RADIUS servers, each server must be configured separately.
*
Failure to configure RADIUS Agent as a proxy results in a RADIUS connection failure.
Is RADIUS Authentication for Windows domain users in use?
If you require the RADIUS server to authenticate Windows domain users, the RADIUS server may need to reside in the same Windows domain as these users. See your RADIUS server documentation for information on domain user authentication.
Is Livingston RADIUS server in use?
Lucent RADIUS Server must be configured to use Password Authentication Protocol (PAP), and the RRAS server must be configured to accept only PAP requests. For instructions, see your respective product documentation.
Is Microsoft Routing and Remote Access Server (RRAS) in use?
Run RADIUS Agent with administrative rights on an RRAS server. This ensures that when it is restarted, RADIUS Agent can retrieve all currently logged-on users from the RRAS server. In most cases, domain administrative rights are sufficient.
To verify that RADIUS Agent is retrieving all currently logged-on users, check the RADIUS Agent log file for the following entry:
WsRadiusApp::StartAgent()
WsRRASInspector::Inspect(127.0.0.1, 151ff24)
Adding RRAS entry to user map: ip=C0A8030C,
user=SOFIA\radiustest

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using RADIUS Agent for Transparent User Identification > RADIUS Agent troubleshooting > RADIUS server Event Log warnings or error messages
Copyright 2016 Forcepoint LLC. All rights reserved.