All Topics » Pulse Policy Secure



RADIUS authentication rejected & endpoint are temporarily locked out


hayyan
Contributor (11)
Dec 24, 2013 7:15am

Everything has been working fine but now I see a lot of messages regarding RADIUS authentication rejected  & endpoint are temporarily locked out. What happens then is Endpoint ( PC in this case) don't authenticate. Initally we had them MAC auth and later on installed OAC so they can authenticate using a role. Can someone help? I have copied the logs from user level below

 

 

 

Info EAM24806 2013-12-24 08:59:32 - ic - [127.0.0.1<blank>()[] - RADIUS authentication rejected for <blank> (realm '') from location-group 'VL-VH-BDALES' and attributes are: NAS-IP-Address = 10.195.21.2,NAS-Port = 193,NAS-Port-Type = 15
Info EAM24460 2013-12-24 08:59:32 - ic - [127.0.0.1<blank>()[] - RADIUS requests from NAS VC-BDALE-01 for endpoint 00-16-17-3f-0e-dc are temporarily locked out
Info EAM24806 2013-12-24 08:59:32 - ic - [127.0.0.1<blank>()[] - RADIUS authentication rejected for <blank> (realm '') from location-group 'VL-VH-BDALES' and attributes are: NAS-IP-Address = 10.195.21.2,NAS-Port = 193,NAS-Port-Type = 15
Info EAM24460 2013-12-24 08:59:32 - ic - [127.0.0.1<blank>()[] - RADIUS requests from NAS VC-BDALE-01 for endpoint 00-16-17-3f-0e-dc are temporarily locked out



kalagesan
Contributor (11)
Jan 7, 2014 10:37pm

Hi Hayyan,

 

I suspect the machines account lokced due to failure log in attempts.

 

I suspect the configuration on OAC installed oon the endpoint PC is inititating the repeated auth requests leading to this failure.

 

I recommend you to create a Juniper SUpport case with OAC logs, IC user access and radius debug logs taken during the issue

Regards,

Kannan