This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Radius authentication failing Sophos XG and Sophos wireless

Hi Guys,


I need some troubleshooting assistance please.   I have 3 Sophos wifi access points connected to a Sophos XG 230 firewall cluster.  I have the Guest wifi working on WPA2 Personal but I am unable to get WPA2 Enterprise working with radius authentication to a Windows AD/NPS server. 

The test radius connection is successful so I can connect to from the FW to the Radius server and authenticate.  However when I am unable to connect from a Windows laptop to the secure Wifi.  I followed this article - https://community.sophos.com/kb/en-us/132912 - I`ve reset and restarted this configuration multiple times without any luck.  I also logged a case with Sophos support which is still open but I am not really getting answers from them. 

I have now resorted to installing NPS on a second DC and configuring NPS on there and I still have the same issue(or maybe similar issue).  

This event is logged on the NPS server when I tried to authenticate from the laptop.  The firewall is 10.50.10.251 and the DC is 10.50.10.10

<Event><Timestamp data_type="4">05/30/2019 10:27:12.323</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.50.10.10 05/30/2019 00:07:48 45</Class><Session-Timeout data_type="0">30</Session-Timeout><Fully-Qualifed-User-Name data_type="1"> domain.local/User Name</Fully-Qualifed-User-Name><Acct-Session-Id data_type="1">C5568A34-0000001F</Acct-Session-Id><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><NP-Policy-Name data_type="1">Secure Wireless Connections</NP-Policy-Name><Client-IP-Address data_type="3">10.50.10.251</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">XG Firewall</Client-Friendly-Name><Proxy-Policy-Name data_type="1">SFOS-Connectivity to Radius</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1"> domain\user.name</SAM-Account-Name><Authentication-Type data_type="0">5</Authentication-Type><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

 

Question 1: Anything in the above log that points to an issue?

Question 2: Will WPA2 Enterprise work if there are issues with the CA/certificates?  How can I disable the certificate check to rule this out?

Question 3: Any advise on how to simplify the Sophos recommended config to troubleshoot?

 



This thread was automatically locked due to age.
Parents Reply Children
No Data