Radius Authentication failure

I have been testing Splynx on a local computer in my office without any problems, but I cannot get my client to authenticate when I switch to a cloud-hosted installation. My client, a Ubiquiti NS M5, logs that the CHAP and MS-CHAP failed and the Splynx Radius short.log reports an unknown error or login is empty error for this client. My current test setup is: laptop plugged into NS M5 connected to UBNT AP connected to UBNT EdgeRouter connected to Internet which leads to my cloud server with SPLYNX radius. What are the possible issues that would cause authentication to fail like this?

Hi Kevin,
I think that the issue is in IP address from which Splynx receives Radius packets (probably NAT involved ?)

We have an article describing the Radius troubleshouting - https://splynx.com/3000/splynx-radius-configuration-and-troubleshooting/
As it’s written there - our Radius server consists of 2 daemons called “splynx_radd” and “freeradius”. Both of them have different debugging and show different information. Enable splynx_radd debugging changing the configuration file : /var/www/splynx/config/radius.php
[debug] section enable should be changed to – “true”

To restart Radius server, enter command in SSH : service splynx_radd restart

Now we can check the debug file, again it’s accessible from CLI of Linux Splynx server:

The best way to check the file is command tail -f /var/www/splynx/logs/radius/debug.log

If splynx_radd debug doesn’t show us anything, we can try to run freeradius daemon in debug mode and see if any packets are received by Radius server.

Run CLI commands :
service freeradius stop
freeradius -Xxxx

write us here the output which you receive on Radius debug.

Thanks Alex. The radius debug log helped me to understand my problem. My EdgeRouter does have a private IP and is 1to1 NATed in my core router to a Public IP…I just had to set the override IP in the EdgeRouter to the Public IP and all is well.

No problem, this issue is let’s say 90% of all cases related to Radius :slight_smile: