https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/Help-identifying-AD-Lockouts-from-Proxy-Auth-via-CHAP/m-p/80798#M5121 <P>We have 2 VIP users which are constantly locking out their AD accounts.&nbsp; The lockouts are coming from the CHAP system via AD, and the Ruckus vSmartZone system is the only CHAP auth system we have.&nbsp; We were able to correlate the AD timestamps with the "radius.log" file on the SmartZone controller, and are seeing the following:<BR /><BR /></P><LI-CODE lang="markup">[Tue Jun 04 2024 20:37:08:763][CP][RADIUS][ERR][FID=1,ueMac=84:25:3F:6B:00:57,AID=131330,TID=-302008576][wsg_rad.c:1961] AAA Proxy Authentication failed for UE [Tue Jun 04 2024 20:37:08:763][CP][RADIUS][ERR][FID=1,ueMac=84:25:3F:6B:00:57,TID=-302008576][wsg_rad.c:1968] Recvd Access-Reject from AAA Name:[REDACTED-Radius-Proxy] for UE MAC:[84-25-3F-6B-00-57] [Tue Jun 04 2024 20:37:08:763][CP][RADIUS][WRN][FID=1,ueMac=84:25:3F:6B:00:57,TID=-302008576][memcached_wrapper.c:994] MWL_FindEntry_StrKey - Could not find a key 84-25-3F-6B-00-57 entry</LI-CODE><P>In general, Radius auth is working fine.&nbsp; My user and most other users connect successfully without issue.&nbsp; We believe these 2 users left themselves logged into a device a long time ago, saved credentials, and it's trying to authenticate in the background, silently hammering the system, but I can't prove that.&nbsp; Am I correct in my understanding that the ueMAC is the client mac for this connection attempt?&nbsp; We did a MAC lookup and it wasn't very helpful, it suggests it could be like a hotspot or something but it's inconclusive.</P><P>That MAC is not in our device inventory, is not correlating with any AP or our Domain Controllers or Hypervisors.&nbsp;</P><P>We are using Ruckus virtual SmartZone Essentials 6.1.2.0.404, connecting to an Active Directory Domain Controller running NPS on Windows Server 2019.</P> Tue, 04 Jun 2024 22:03:00 GMT josephgullo 2024-06-04T22:03:00Z https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/Help-identifying-AD-Lockouts-from-Proxy-Auth-via-CHAP/m-p/80798#M5121 <P>We have 2 VIP users which are constantly locking out their AD accounts.&nbsp; The lockouts are coming from the CHAP system via AD, and the Ruckus vSmartZone system is the only CHAP auth system we have.&nbsp; We were able to correlate the AD timestamps with the "radius.log" file on the SmartZone controller, and are seeing the following:<BR /><BR /></P><LI-CODE lang="markup">[Tue Jun 04 2024 20:37:08:763][CP][RADIUS][ERR][FID=1,ueMac=84:25:3F:6B:00:57,AID=131330,TID=-302008576][wsg_rad.c:1961] AAA Proxy Authentication failed for UE [Tue Jun 04 2024 20:37:08:763][CP][RADIUS][ERR][FID=1,ueMac=84:25:3F:6B:00:57,TID=-302008576][wsg_rad.c:1968] Recvd Access-Reject from AAA Name:[REDACTED-Radius-Proxy] for UE MAC:[84-25-3F-6B-00-57] [Tue Jun 04 2024 20:37:08:763][CP][RADIUS][WRN][FID=1,ueMac=84:25:3F:6B:00:57,TID=-302008576][memcached_wrapper.c:994] MWL_FindEntry_StrKey - Could not find a key 84-25-3F-6B-00-57 entry</LI-CODE><P>In general, Radius auth is working fine.&nbsp; My user and most other users connect successfully without issue.&nbsp; We believe these 2 users left themselves logged into a device a long time ago, saved credentials, and it's trying to authenticate in the background, silently hammering the system, but I can't prove that.&nbsp; Am I correct in my understanding that the ueMAC is the client mac for this connection attempt?&nbsp; We did a MAC lookup and it wasn't very helpful, it suggests it could be like a hotspot or something but it's inconclusive.</P><P>That MAC is not in our device inventory, is not correlating with any AP or our Domain Controllers or Hypervisors.&nbsp;</P><P>We are using Ruckus virtual SmartZone Essentials 6.1.2.0.404, connecting to an Active Directory Domain Controller running NPS on Windows Server 2019.</P> Tue, 04 Jun 2024 22:03:00 GMT https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/Help-identifying-AD-Lockouts-from-Proxy-Auth-via-CHAP/m-p/80798#M5121 josephgullo 2024-06-04T22:03:00Z