Layer7 API Management

  • 1.  Radius authentication fails -- SOMETIMES

    Posted Oct 01, 2018 01:48 PM

    We have Radius configured.  On some clusters it works for both the Policy Manager and the CLI.  In other cases it works on the Policy Manager but NOT the CLI.  Going to the same Radius instance in both cases. 

     

    In other words, for the same users it is successful for PM but fails 100% of the time for all users when trying to SSH to the command line.  On the Radius side it fails with "user authentication failed."  Shared secret is correct.

     

    Any ideas?



  • 2.  Re: Radius authentication fails -- SOMETIMES
    Best Answer

    Posted Oct 02, 2018 05:15 PM

    If it's going to the same RADIUS server in both clusters but they behave differently, then I'd have to assume the configuration is done differently on the SSH side of things when it comes to integrating RADIUS with the SSH layer. I'd recommend starting troubleshooting by comparing the various SSH-related config files in your environment and ensuring they are configured the same.

     

    It may be a moot point, especially if the issue is on the configuration side of the client, but do you happen to know if your RADIUS server can provide more information on what it didn't like about the authentication (i.e. invalid username, invalid password, missing credential, etc.)? It may come in handy to narrow that down if the configs are matched up to be exactly the same.

     

    PS - Are these software form factor Gateway nodes or are they built using the CA OVA we provide for the Gateway?
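
Added example, not part of the original posts and not vendor code: one way to carry out the config comparison suggested in the reply above. It assumes each node's /etc has been copied into its own directory; the file paths are common Linux defaults for sshd, PAM and pam_radius rather than paths named in this thread, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): compare the SSH/PAM/RADIUS client
# settings of a node where CLI login works with one where it fails.
# Assumption: each node's /etc was copied to a directory (e.g. good/ and bad/).

# Files to check; common Linux defaults, adjust for your nodes (assumption).
FILES="etc/ssh/sshd_config etc/pam.d/sshd etc/pam_radius.conf"

# Effective lines only: drop whole-line comments and blanks, collapse
# whitespace. Order is preserved because PAM stacks are order-sensitive.
effective_lines() {
    sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Swap the shared secret (2nd field of a pam_radius server line) for a short
# digest, so secrets can be compared without appearing in the output.
mask_secret() {
    while read -r server secret rest; do
        digest=$(printf '%s' "$secret" | sha256sum | cut -c1-12)
        printf '%s <secret:%s>%s\n' "$server" "$digest" "${rest:+ $rest}"
    done
}

# compare_nodes GOOD_DIR BAD_DIR: print per-file differences, return 1 if any.
compare_nodes() {
    good=$1; bad=$2; rc=0
    tmp=$(mktemp -d) || return 2
    for f in $FILES; do
        if [ ! -f "$good/$f" ] || [ ! -f "$bad/$f" ]; then
            [ -f "$good/$f" ] || [ -f "$bad/$f" ] || continue
            echo "== $f: present on only one node"; rc=1; continue
        fi
        case $f in *pam_radius.conf) filter=mask_secret ;; *) filter=cat ;; esac
        effective_lines "$good/$f" | $filter > "$tmp/good"
        effective_lines "$bad/$f"  | $filter > "$tmp/bad"
        if ! diff "$tmp/good" "$tmp/bad" > "$tmp/diff"; then
            echo "== $f differs (< working node, > failing node)"
            cat "$tmp/diff"; rc=1
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Run as: ./compare_nodes.sh good/ bad/
if [ "$#" -eq 2 ]; then compare_nodes "$1" "$2"; fi
```

Comment-only and whitespace-only differences are ignored, so any output points at a directive that is actually different, missing or reordered on the failing node.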



  • 3.  Re: Radius authentication fails -- SOMETIMES

    Broadcom Employee
    Posted Oct 08, 2018 08:21 AM

    Hi,

    Did the answers on this thread answer your question? If so, please mark it as the right answer.
    If your question is not answered or you still have additional questions, please let us know.

    With Kind Regards
    Dirk



  • 4.  Re: Radius authentication fails -- SOMETIMES

    Posted Oct 09, 2018 02:15 PM

    Thanks, this was useful information.  We also discovered accounts were not created correctly.