Need Help with PAM Authentication Setup on Linux Servers

Asked By CuriousCat123 On

Hey everyone! I'm a junior sysadmin working on a project to set up multi-factor authentication (MFA) on our Linux servers using Authpoint. I've gone through the documentation several times and configured a test server, but I'm having trouble getting it to communicate with the Authpoint gateway. When I enter my password, it seems like it's trying to connect but then returns an 'access denied' message. I'm wondering if I need to create a firewall rule to allow communication over port 1812 for RADIUS authentication to enable specific static IP addresses to connect with the Authpoint gateway, or if there's something else I might be overlooking. Any tips would be greatly appreciated! Also, just a heads-up, this is my first Linux project, so I'm still getting the hang of it.

3 Answers

Answered By NetworkNinja55 On

Great advice so far! One more thing to check is whether your server is synced with NTP. If your server time is off, it can cause issues with MFA without it being immediately obvious that time is the problem. If your server is part of a domain, it’s likely synced, but double-check just in case!

Answered By SecurityGuru88 On

The 'access denied' error typically points to an authentication issue, not a firewall one. You might want to inspect your logs located at `/var/log/auth.log` for Debian/Ubuntu or `/var/log/secure` for Red Hat/CentOS, which could give you more context on the authentication failure. If necessary, test if the port is reachable from your client with the command `nc -nvzw5 `; if it hangs, then you might be facing a firewall or routing issue. But it sounds like this is more of an auth problem with the gateway.

ConfigMaster42 -

I get that you're saying it's not a firewall issue, but access denied errors can sometimes be indirectly related to that—as well as to configuration errors like a bad DNS entry or a wrong shared secret. If you're facing timeouts or hangs, those could indicate a problem too.

Answered By TechWizard99 On

It’s hard to say if you need to set up a firewall rule without knowing more about your network layout and security policies. A good starting point is to check your server logs to look for messages from the PAM module you’re configuring. You might want to take a look at `/var/log/secure` or `/var/log/auth.log`. Also, you can monitor network traffic with tools like Wireshark or tcpdump to see if traffic is flowing correctly to the Authpoint gateway. If you don’t see any traffic, it could mean the PAM module isn’t loading appropriately. On the other hand, if you do see traffic but no replies, consider checking your shared secret for the RADIUS server and firewall settings. Let us know what you find out!
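Why a wrong RADIUS shared secret can surface as 'access denied' rather than a timeout, shown as an added example that is not part of the thread and not Authpoint or PAM module code. It assumes plain RFC 2865 PAP-style `User-Password` handling; the secrets, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, request_auth):
    """Server side: same keystream, derived from the server's own secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code, ident, attrs, request_auth, secret):
    """Response Authenticator = MD5(code+id+length+request_auth+attrs+secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(packet, request_auth, secret):
    """Client side: recompute the authenticator before trusting the reply."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    digest = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(digest, packet[4:20])

def simulate(client_secret, server_secret, password=b"constructed-pass", request_auth=None):
    """Constructed exchange; returns (reply code, client accepts the reply)."""
    request_auth = request_auth or os.urandom(16)
    hidden = hide_password(password, client_secret, request_auth)
    matched = reveal_password(hidden, server_secret, request_auth) == password
    code = 2 if matched else 3  # 2 = Access-Accept, 3 = Access-Reject
    reply = build_reply(code, 1, b"", request_auth, server_secret)
    return reply[0], reply_is_authentic(reply, request_auth, client_secret)

if __name__ == "__main__":
    print("matching secrets:  ", simulate(b"shared-secret", b"shared-secert"[:0] + b"shared-secret"))
    print("mismatched secrets:", simulate(b"shared-secret", b"shared-secert"))
```

With mismatched secrets the server recovers a garbled password and answers Access-Reject even though the user typed the right one, and the client cannot validate that reply either, so a packet capture shows traffic in both directions while the login still fails.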
