Radius Authentication to Admin Interface Fails Despite Valid Test


I am still relatively new with Sophos products. I've got a Radius server set up to authenticate users to the admin interface, but it's not working. I've reviewed the documentation several times and am unable to determine what I'm missing. I feel like there's one piece that I haven't enabled, yet I cannot find it.

This is on a Sophos XGS116 running SFOS 19.5.3 MR-3 Build 652.

I went to Authentication -> Servers and

  1. Added a new authentication server - type RADIUS
  2. Provided a name
  3. IP address
  4. Authentication port (1812)
  5. Timeout is set to 3 seconds
  6. Accounting is not enabled
  7. Shared secret specified
  8. Domain Name is blank - this Radius server is not IAS and is not configured with Active Directory - it's a Steel Belted Radius server that's using a local database
  9. Group Name Attribute is set to "Filter-Id" (without the double quotes)

When I select Test connection, I see "Device-RADIUS server connectivity test was successful"

Next, I went to Authentication -> Services

Under Administrator Authentication Methods, I have both Local and the Radius server selected
Dragged and dropped the order of the auth servers such that the Radius server is first in the list

I attempted to log in with the same credentials I used when testing the connection.

I ran a policy trace on the Radius server and can see the Access-Request from the Sophos appliance, along with an Access-Accept, and I can see the value I have set for "Filter-Id" sent back as part of the Access-Accept message.

Can someone please advise?

Thanks in advance!
