Troubleshoot RADIUS Server Integration Errors
The best way to troubleshoot a failed login is to test the settings in the security provider's configuration page. The section below helps you to understand the messages you may receive.
If testing a username and password from the Security Providers page provides no errors but the user cannot log into Bomgar using those same credentials, please check that at least one of the following sets of criteria is met.
- The user has been expressly added to an existing group policy.
- A default group policy has been set for the security provider configuration created to access the server against which the user is authenticating.
- The user is a member of a group that has been expressly added to an existing group policy, and both of the following conditions are met.
- Both the user provider and group provider have been individually configured.
- Group lookup has been enabled on the user provider via the If Authentication Succeeds dropdown, available upon edit.
Message 1: Authentication Failed
- The username and password that you are testing do not match.
- Reenter the credentials or attempt another username and password.
Message 10: Server Unavailable
- Your DNS information may be incorrect. You can test if your DNS server resolves by using the tools on the Support > Utilities page in your Bomgar /appliance interface.
- You must use the correct shared secret between RADIUS and your Bomgar Appliance.
- If a user who can normally authenticate cannot connect, check if the user's hours are restricted on the RADIUS server.
- If you are using an IAS server, the user authenticating must have remote access permission enabled.
- Authentication via PAP must be enabled. This is the only RADIUS method currently supported by Bomgar. Edit your IAS policy and ensure that this method is supported as a means of authenticating via the Bomgar Appliance.
Message 11: User Not Found
- The Bind Username, Bind Password, and Search Base must all be in the correct format on the security provider's configuration page.
- If using Active Directory, the account specified by the Bind Username must have permission to read other users' group memberships in the Active Directory store.
- The search query must be correct for your specific configuration. Please refer to your security provider's documentation for further help with this configuration.
Error 6ca and Slow Logins
- A 6ca error is a default response signifying that the Bomgar Appliance has not heard back from the DNS server. It may occur when attempting to log into the representative console.
- If users are experiencing extremely slow logins or are receiving the 6ca error, verify that DNS is configured in your /appliance interface.
Troubleshooting Individual Providers
When configuring an authentication method tied to group lookup, it is important to configure first the user provider, then the group provider, and finally the group policy memberships. When troubleshooting, you will want to work in reverse.
- Verify that the group policy is looking up valid data for a given provider and that you do not have any @@@ characters in the Group Policy Members field.
- Next, if a group provider is configured, verify that its connection settings are valid and that its Group Search Base is in the proper format.
- If you want to use group lookup, verify that the user provider is set to look up group memberships of authenticated users.
- To test the user provider, set a default policy and see if your users are able to log in.
- If users are not able to log in, check that either the provider is first in priority or that providers with higher priority are passing failed login requests to this user provider.