Symantec Privileged Access Management

  • 1.  Radius integration with CAPAM

    Posted Jun 08, 2020 01:40 AM
    Hi Team,

    I am trying to integrate the Radius server authentication in CAPAM. I have added the Radius server, and a target account and application for the Radius server. In the configuration 3rd party tab I have added the Radius server. But when a user tries to log in using LDAP+Radius authentication, the user gets "Bad User id or password". I have checked the logs; they show that Radius authentication failed. But with the same Radius server, I am able to log in for some other applications. I have created the same username in the Radius server DUO MFA tool as it is in LDAP SAMAccountName. But I am still not able to log in.

    Can anyone let me know whether any other configuration needs to be done on the CAPAM side?


    Thanks
    Bhumesh


  • 2.  RE: Radius integration with CAPAM

    Broadcom Employee
    Posted Jun 08, 2020 02:20 AM
    Hi Bhumesh,

    Did you also import the RADIUS Group in CA PAM?

    Thanks,
    Reatesh.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: Radius integration with CAPAM

    Posted Jun 08, 2020 02:24 AM
    Hi Reatesh,

    No, I did not import any Radius groups in CAPAM. In CAPAM it shows Create Radius group, but it does not show Import Radius groups. Can you tell me how to import Radius groups?


  • 4.  RE: Radius integration with CAPAM

    Broadcom Employee
    Posted Jun 08, 2020 03:06 AM
    Hello Bhumesh,

    You are correct, you need to create the RADIUS group in CA PAM with the same name as it exists in the RADIUS server.

    Thanks,
    Reatesh.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 5.  RE: Radius integration with CAPAM

    Posted Jun 08, 2020 03:59 AM
    Hi Reatesh,

    I have created a group in CAPAM with the same name as in the Radius server. But the users are not displayed in it. How can I check that?


  • 6.  RE: Radius integration with CAPAM

    Broadcom Employee
    Posted Jun 08, 2020 04:22 AM
    Hi Bhumesh,

    Does the login work? We will not be able to view the users who are part of the RADIUS group created in CA PAM.

    Thanks,
    Reatesh.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 7.  RE: Radius integration with CAPAM

    Posted Jun 08, 2020 04:31 AM
    Hi Reatesh,

    I have created the same group. But I am unable to log in to CAPAM. I have tried both LDAP+Radius and Radius only. But neither is working.

    Can you confirm one thing: the users which are imported from AD/LDAP are different from the Radius users, right? The user name should be the same for both AD and Radius, right?



  • 8.  RE: Radius integration with CAPAM

    Broadcom Employee
    Posted Jun 08, 2020 05:01 AM
    You are correct, Bhumesh; this is how I had configured it in my lab.

    Thanks,
    Reatesh.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 9.  RE: Radius integration with CAPAM

    Posted Jun 08, 2020 05:17 AM
    Hi Reatesh,

    I am getting the below errors while logging in using LDAP+Radius authentication.

    PAM-CMN-1001: User bhumesh failed LDAP+RADIUS authentication. The RADIUS authentication failed with RADIUS user name bhumesh.

    Can you tell me where I can check the exact issue? Where can I check whether PAM is able to connect to the Radius server or not?