Radius timeout
Posted: Mon Jan 27, 2020 8:34 pm
Hi,
I'm using Windows NPS as RADIUS to authenticate VPN users by the domain controller.
I just moved my DC to a VLAN, and now I cannot authenticate users: "user ... authentication error, radius timeout"
RADIUS stats give me 35 requests and 35 timeouts, 0 accepts.
On the Windows 2012 NPS, I do not have anything in the firewall log, no incoming connections.
When I connect to the MikroTik using VPN authentication instead of the DC, and get the same IP that users authenticated by the DC should get, then I have no problem pinging my domain controller.
Here are my firewall logs, to and from the VLAN where my DC is:
vlan101 - DC vlan
```
add action=accept chain=forward dst-port=135,587 in-interface=vlan101 protocol=tcp
add action=accept chain=forward dst-port=53,88,135,139,389,443,445,464,1433,8080,3268,3269,3389,49158,49155 out-interface=vlan101 protocol=tcp
add action=accept chain=forward dst-port=22,636,445,9389 out-interface=vlan101 protocol=tcp
add action=accept chain=forward in-interface=!ether5 out-interface=vlan101 protocol=icmp
add action=accept chain=forward dst-port=53,88,123,137,138,389,445,464,1434,1812,1813 out-interface=vlan101 protocol=udp
```
But even if I disable the block-all forward rule at the end of the rules in MikroTik, I still get the RADIUS timeout error.