Troubleshoot/Test RADIUS connection to VIP Enterprise Gateway.

VIP Enterprise Gateway

NTRadPing is a useful tool for testing installations of your RADIUS validation servers. This tool mimics a NAS client and simulates an actual authentication request by sending the request directly to a specific RADIUS validation service. Before sending a request, you'll need to configure the validation server's IP address (located in the validation server settings), the RADIUS shared secret key, and a username. Don't check the "CHAP" checkbox. 

To download the NTRadPing tool, click on the ZIP or RAR file attached to this article. Unzip ntradping.exe and raddict.dat into a folder on the VIP Enterprise Gateway server.

1. Double-click NTRadPing.exe
2. Enter the following fields:
   1. RADIUS Server/port - Validation Server IP address and port (ie. 1812)
   2. RADIUS Secret Key  - Shared secret set up on the UA validation server
   3. User-Name - Username of the test user
   4. Password - OTP from the token assigned to the user
      Note: The password should be as it is configured in the validation server settings (e.g., security code, LDAP Password+Security Code, Access PIN+Security Code, LDAP Password+Security Code+RADIUS Access Challenge).
      
      
      Sample NTRadPing (version 1.5)
      
      

In the lower-right list box, the results of the RADIUS request will be displayed, along with a complete dump of all the returned RADIUS attributes. If the validation is successful but an actual validation from the 3rd party integration fails, there is likely a configuration issue with the response being sent to the validation server from that 3rd-party integration (i.e., Cisco, Citrix, etc). If the validation fails, check the server.log on the VIP Enterprise Gateway for more information.

Please note, that NTRadPing does not support RADIUS validation servers on VIP Enterprise Gateway 9.11.2 (or with the CVE-2024-3596 hotfix applied) when RADIUS Packet Security Mode is set to Compliant. Only Compatible mode is supported. This is due to a limitation in the NTRadPing tool where it does not support the RADIUS Message-Authenticator attribute.