Solving Access-Reject Issues

This article provides some tips if you are seeing authentication requests being rejected by the RADIUS server.

On the Windows platform, one useful tool is NTRadPing Test Utility which can be downloaded from the authors website.

This handy tool produces a simple Authentication Request which will be sent to a defined RADIUS server with defined connection parameters and credentials.

In the RADIUS Server reply section, you will see how fast and what response did the server provide. Although it does not support tunneled EAP authentication requests, it can be used to debug basic PAP and CHAP methods.

 

ntr+

1. If the answer is Access-Accept, the server accepted your authentication request and you should be able to use the wireless network. If you are still experiencing problems, double-check the configuration of your wireless router and the client's device.

2. If you see Access-Reject is the answer from the RADIUS server, then there might be multiple explanations:

  • provided credentials might be wrong
  • The user might be disabled
  • The user's account might be expired
  • The user is trying to log in outside the assigned Login Time

3. Another output you might see is the message no response from the server (timed out). If this is the case, please double-check RADIUS Server IP address, Port, and Secret Key. If the values are correct, your firewall might be blocking outgoing requests. Contact your network administrator to verify if outgoing traffic to server's IP address and UDP port is allowed.