Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What does error "group not checked" mean when configuring XAuth to Microsoft IAS server.

0

0

Article ID: KB6648 KB Last Updated: 31 Aug 2010Version: 4.0
Summary:
What does error 'group not checked' mean when configuring XAuth to Microsoft IAS server?
Symptoms:
Symptoms & Errors:
  • Error '"group not checked'" when configuring xauth to Microsoft IAS server.
  • Debug message '"group not checked'"
Solution:

The "group not checked" message occurs when applying the "debug auth radius" command.

Example :

##2003-07-28 14:32:35 system-debugging: >>> radius_send(aq_ent=0x00a0f9c4{soc=260, flag=2, rad_state=1})
##2003-07-28 14:32:35 system-debugging: >>> radius_initiate_authentication(aq_ent={un='test', fl=2, as_id=3(192.168.13.200:1645), rt=0, rt1=0, rt2=0})
##2003-07-28 14:32:35 system-debugging: get_auth_radius_clnt_session_id: entered
##2003-07-28 14:32:35 system-debugging: >>> rad_send_auth_l2tp(soc=260, ip=192.168.13.200, port=1645, vsys=0x00000000, id=12, un='test', ss='netscreen', sid='NS-0000000c', phy_port=12)

##2003-07-28 14:32:35 system-debugging: >>> rad_send(soc=260, ip=192.168.13.200, port=1645, vsys=0x00000000, pac=0x064904c0, len=75)
##2003-07-28 14:32:35 system-debugging: <<< rad_send() = 1
##2003-07-28 14:32:35 system-debugging: <<< rad_send_auth_l2tp() = 1
##2003-07-28 14:32:35 system-debugging: <<< radius_initiate_authentication() = 1
##2003-07-28 14:32:35 system-debugging: <<< radius_send(aq_ent=0x00a0f9c4{soc=260, flag=3, rad_state=2}) = 1
##2003-07-28 14:32:35 system-debugging: RadiusRecv: recvd some data on socket 260
##2003-07-28 14:32:35 system-debugging: >>> rad_parse(packet=0x0645a210, len=20)
##2003-07-28 14:32:35 system-debugging: rad_parse() = rad_msg=0x06462b00{code=3, id=12, ...}
##2003-07-28 14:32:35 system-debugging: RadiusRecv: checking j 0 j:socket 260, sock 260, j:rad_id 12, rad_msg->id 12
##2003-07-28 14:32:35 system-debugging: RadiusRecv: Breaking
##2003-07-28 14:32:35 system-debugging: RadiusRecv: data on socket 260 for aq_ent 0xa0f9c4 (entry 0), state 0x2
##2003-07-28 14:32:35 system-debugging: >>> rad_recv_auth(soc=1040144)
##2003-07-28 14:32:35 system-debugging: <<< rad_recv_auth() = rad_auth_resp=0x0645a1c0{authed=0 priv=0 id=12}
##2003-07-28 14:32:35 system-debugging: check_radius_auth_result: auth 0xa0f9c4, id 12,  NOPE, FAILED USER/PASS AUTH,
##2003-07-28 14:32:35 system-debugging:  GROUP NOT CHECKED
##2003-07-28 14:32:35 system-debugging: <<< check_radius_auth_result() = 0
##2003-07-28 14:32:35 system-debugging: >>> RadiusRecv(aq_ent={un='test', fl=3, as_id=3, rt=0, rt1=0, rt2=0})
##2003-07-28 14:32:35 system-debugging: <<< RadiusRecv(aq_ent={rad_state=9}) = 0
--- more ---
##2003-07-28 14:32:35 system-debugging: RadiusRecv: result 0

Suggested steps to check for resolution:

On Microsoft IAS Server:
  1. Check that the username is part of the group specified under the IAS policy
    • i) Right click on Remote Access Policy
    • ii) Check that the correct group has been selected under the '"Specify conditions to match'"
    • iii) Check that '"Grant access permission'" has been selected.

  2. Ensure the user has dial-in permissions enabled within the Active Directory.
    • i) Right click user name under Computer management > Local Users And Group > Users
    • ii) Select the Dial-In Tab
    • iii) Check '"Control access through Remote Access Policy'"

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search