Tag: radius
Troubleshooting: FortiGate and RADIUS
I recently encountered a strange case where RADIUS authentication on a FortiGate cluster was failing on the secondary node. The cluster uses multiple VDOMs configured in a vcluster, and each FortiGate has its own out-of-band management IP. Authentication had been working fine previously. On the secondary FortiGate, I enabled debugging to see if authentication requests …
Configuration Example, Security
Restore RSA 7.1 primary database and RADIUS config
A few days ago I was troubleshooting a problem with an ISA array after upgrading the VMware environment, as you can read in this article. I had the same kind of problem with an RSA environment. After upgrading the VMware Tools and the Virtual Hardware, the RSA database didn’t start anymore. RSA noticed too much …
Configuration Example, Security
MAB and MDA in an IP Phone environment
I blogged before about the MAC Authentication Bypass (MAB) feature in network environments. MAC Authentication Bypass can be used to secure the wired network by verifying MAC addresses against a central database. By using a RADIUS server, like Microsoft IAS or FreeRADIUS, you can also redirect verified MAC addresses to a specific VLAN. Lately I …
Active Directory: one account, two passwords
Lately I noticed something strange. I configured an ISA server as reverse proxy for OWA. The customer demanded the ability for users to change their password through OWA. I configured the OWA listener with LDAPS authentication against the Active Directory and enabled the option to select “I want to change my password after logging on” …
Where is the Internet Authentication Service?
Microsoft IAS server is often used as a RADIUS server to authenticate VPN users or in conjunction with ISA reverse proxy to authenticate OWA users or PDA synchronization. Today I had to install an ISA reverse proxy server with ISA 2006 Standard and Exchange 2007. I wanted to install Microsoft IAS as a RADIUS server to authenticate …
Configuration Example, Security
MAC Authentication Bypass – Continued
Finally I had a day “off” and could test MAC Authentication Bypass (MAB) in our test environment at the office. I created the following test environment: There are 4 different VLANs and a Cisco Catalyst 3750 connects the VLANs to each other. I wanted to create an environment with the following properties: All switch ports …