[IMPORTANT] Please note that this site will be disabled on October 31. In it's place, the new JumpCloud Help Center is live! Check it out here!

Support Center

Troubleshooting Radius Server Authentication


When configuring a device or application for use with JumpCloud RADIUS, users are not able to authenticate. E.g., WiFi or VPN users are not able to connect.


This may be due to one or more reasons:
  • Misconfigured device/application
  • Configuration mismatch between the RADIUS record in JumpCloud and the device/application
  • User is not a member of a group granted access to JumpCloud RADIUS record
  • Misconfigured client
  • Network problems
  • Incorrect credentials
Note: JumpCloud RADIUS servers do not respond to ICMP, so ping will not respond if attempting a basic availability check.
  1. Make sure the password being used works as expected with the JumpCloud User Portal. Note this will confirm the password, though the portal uses the email address, RADIUS is expecting the username and password, NOT email address and password. 
  2. Verify the public IP address where the requests originate and compare it to the RADIUS record in the JumpCloud Console. This can be done with https://www.whatismyip.com/ or using # curl ifconfig.co from a shell.
  3. Verify the shared secret. For some devices/applications, complex strings will cause a failure. If this is suspected, change the shared secret to a short alpha/numeric string.
  4. Verify users are members of a User Group that has been granted access to RADIUS. See Binding Users to Resources.
  5. Verify port 1812/UDP is being used and the network is not blocking that traffic.
  6. If the device/application has a testing option and still fails, test the RADIUS connection on an independent device to help narrow where the problem exists. This can be done on Windows with ntradping, or radtest for any os variant with an available FreeRADIUS package.

# radtest myradiususer "mypass" 0 "mysecret"
Sent Access-Request Id 39 from to length 80
User-Name = "myradiususer"
User-Password = "mypass"
NAS-IP-Address =
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mypass"
Received Access-Accept Id 39 from to length 20 

If these solutions do not resolve the issue, note the username failing to authenticate, your Organization ID, a timestamp of the attempt(s)/failure(s), if possible, logs from the application/device, and submit a support request for further assistance. 


Last Updated: Nov 30, 2018 04:42PM MST

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found