Showing results for 
Search instead for 
Did you mean: 

Help identifying AD Lockouts from Proxy Auth via CHAP.

New Contributor

We have 2 VIP users which are constantly locking out their AD accounts.  The lockouts are coming from the CHAP system via AD, and the Ruckus vSmartZone system is the only CHAP auth system we have.  We were able to correlate the AD timestamps with the "radius.log" file on the SmartZone controller, and are seeing the following:

[Tue Jun 04 2024 20:37:08:763][CP][RADIUS][ERR][FID=1,ueMac=84:25:3F:6B:00:57,AID=131330,TID=-302008576][wsg_rad.c:1961]
AAA Proxy Authentication failed for UE
[Tue Jun 04 2024 20:37:08:763][CP][RADIUS][ERR][FID=1,ueMac=84:25:3F:6B:00:57,TID=-302008576][wsg_rad.c:1968]
Recvd Access-Reject from AAA Name:[REDACTED-Radius-Proxy] for UE MAC:[84-25-3F-6B-00-57]
[Tue Jun 04 2024 20:37:08:763][CP][RADIUS][WRN][FID=1,ueMac=84:25:3F:6B:00:57,TID=-302008576][memcached_wrapper.c:994]
MWL_FindEntry_StrKey - Could not find a key 84-25-3F-6B-00-57 entry

In general, Radius auth is working fine.  My user and most other users connect successfully without issue.  We believe these 2 users left themselves logged into a device a long time ago, saved credentials, and it's trying to authenticate in the background, silently hammering the system, but I can't prove that.  Am I correct in my understanding that the ueMAC is the client mac for this connection attempt?  We did a MAC lookup and it wasn't very helpful, it suggests it could be like a hotspot or something but it's inconclusive.

That MAC is not in our device inventory, is not correlating with any AP or our Domain Controllers or Hypervisors. 

We are using Ruckus virtual SmartZone Essentials, connecting to an Active Directory Domain Controller running NPS on Windows Server 2019.