Use Authpoint in network device authentication
Hello,
I thought it would be cool to use the AuthPoint Gateway as the RADIUS server for some switches, but I can't seem to get it to work. The switches are pointed to the AuthPoint Gateway as their RADIUS server, and I have the switches added to WGCloud as RADIUS resources. I tried with and without MSCHAPv2.
The switches are not sending attribute 11 and I don't see that as an option, so I believe that is why it's failing. WatchGuard Cloud logs do not show me a failure in the logs, but Wireshark on the AuthPoint Gateway does show Access-Reject.
Is there any way to trick AuthPoint into looking at a different attribute? Or rewrite attribute X into attribute Y? It looks like I can configure 25, 31, 4, 6, 8 on the switches.
Of course this is just academic at this point but still curious in theory if there is a way to get it to work. Thanks
MGLA
Comments
Hi @MGNL
AuthPoint isn't really designed to authenticate devices, so it might not be handling what you want to do gracefully.
- Do you see any reject log in your audit logs in WatchGuard Cloud?
- If you check C:\ProgramData\WatchGuard\AuthPoint Gateway\logs, do you see anything in the RADIUS logs?
The attribute is how AuthPoint passes the group to the device authenticating -- this is useful in situations where the device authenticating needs that data (like a firewall checking group membership to access a VPN.) If the device doesn't care about the attribute, it can simply be ignored.
If you keep running into this issue, I'd suggest opening a support case. If you do decide to do this, please include:
- What kind of devices you're having authenticate to the gateway.
- What specifically the devices are trying to authenticate for? (User access, RADIUS accounting, etc.)
Thank you,
-James Carson
WatchGuard Customer Support
FYI, I had missed adding the new RADIUS Resource to the Gateway in WatchGuard Cloud. After doing that, it works great! 2FA on all my switches. Thanks