Radius timeout

zuku · Mon Jan 27, 2020 8:34 pm

Hi,
I'm using Windows NPS as Radius to authenticate VPN users by domain controller.
I just moved my DC on VLAN, and now I cannot authenticate users: "user ... authentication error, radius timeout"
Radius stats give me 35 request and 35 timeout, 0 accepts.
On windows 2012 NPS on firewall log I do not have anything, any incoming connections.
When I connect to mikrotik using VPN authentication instead DC, and getting the same IP, that users authenticated by DC shoul get, then I no problem ping my domain controller.
Here are my firewall logs, to and from VLAN where my DC is:

add action=accept chain=forward dst-port=135,587 in-interface=vlan101 protocol=tcp
add action=accept chain=forward  dst-port=53,88,135,139,389,443,445,464,1433,8080,3268,3269,3389,49158,49155 out-interface=vlan101 protocol=tcp
add action=accept chain=forward  dst-port=22,636,445,9389 out-interface=vlan101 protocol=tcp
add action=accept chain=forward  in-interface=!ether5 out-interface=vlan101 protocol=icmp
add action=accept chain=forward  dst-port=53,88,123,137,138,389,445,464,1434,1812,1813 out-interface=vlan101 protocol=udp

vlan101 - DC vlan
But even if I disable block all forward rule at the end of rules in Mikrotik, then still have timeout to RADIUS error.

Cvan · Tue Jan 28, 2020 2:23 am

On your NPS do you have the network policy configured with correct vendor settings and VLAN for Mikrotik?

Is the log message you have 'radius timeout' from the Mikrotik radius log;?

zuku · Wed Jan 29, 2020 8:24 pm

problem resolved, I configured as Radius Client Mikrotik with native Vlan IP address, and should configure in on new vlan101 IP address, after change NPS is working.

Radius timeout

Radius timeout

Re: Radius timeout

Re: Radius timeout