NMAS Radius Troubleshooting

This document is intended as a general step-by-step process to determine what is failing in the RADIUS components.

If there are problems getting the RADIUS service to start due to logging into the DAS (Dial Access System) object in eDirectory, correct those password errors first. Once the RADIUS service starts, the administrator is capable of troubleshooting the service by :

1. From the server console, start up the debugging. It is recommended to start the logging of this information rather than just the screen logging. Screen logging is done by running the command :
   

   RADIUS DEBUG ON
   

   File logging is turned on by :
   

   RADIUS DEBUGLOG ON
   

   The file for logging is stored in the SYS:/ETC/RADIUS/DEBUG/RADDBG.LOG file.
   
2. Refresh the RADIUS cache. This is done by running the command :
   RADIUS REFRESHCACHE
3. Consult the RADIUS Debug console screen (or the RADDBG.LOG file) for any errors. Before authentication can be guaranteed to operate, the client table must successfully refresh.
4. Attempt a connection using the test client, or using the device that has "failed" to operate.
5. Wait for the Access-Reject, Access-Accept, or a timeout to occur.
6. Consult the RADIUS Debug console screen again (or the RADDBG.LOG file) for errors associated with the authentication attempt, and resolve them (resolution depends on the errors - please consult the knowledge base with the specific errors).

This is the basic NMAS Radius resolution process, and will allow the administrator to isolate specific failures. Once the failures are resolved, the service will be operational.