Enterprise Connect

Post-installation steps

Following installation, it is recommended to perform the following checks to verify that your environment has been set up as expected.

Check Windows Services

Make sure that the ForgeRock Radius Proxy service is installed and running via Windows Services:

  1. Press Windows + R on your keyboard.

  2. Type services.msc.

  3. Hit Enter to open the service.

  4. Search for the service under the name column. The service name is ForgeRock Radius Proxy.

Verify installation of folders and files

Verify that all the folders and files are installed under C:\Program Files\ForgeRock\Radius Agent.

The configuration settings are stored in appSettings.Production.json. If you modify the configuration settings directly from this file, you must restart the RADIUS service (via Windows Services). The service name is ForgeRock Radius Proxy.

Verify Windows RADIUS proxy functionality with RADIUS client

Once the Windows RADIUS proxy has been configured and installed on a Windows machine, it is important to test the setup.

Before beginning the verification process, make sure the following prerequisites are met:

  • The Windows RADIUS proxy is installed.

  • On a separate Windows machine, a test RADIUS client is installed. For example, NTRadPing.

    • Ensure the appropriate network connectivity is allowed between the two Windows machines. The default port is 1812 unless changed in the installation of the Windows RADIUS proxy.

  • Have a test account with a username and password.

Validate service is listening

To validate the service is listening, use a tool such as netstat on the Windows machine running the Windows RADIUS proxy:

netstat -ano | find "1812"

Test Windows RADIUS proxy with RADIUS client

To test with the RADIUS client, you must have the following information from the Windows RADIUS proxy installation:

  • Windows RADIUS proxy server and port.

  • RADIUS Secret.

  • Test account with username and password to use with the RADIUS client. Ensure the user account exists in the ForgeRock environment.

For this example, NTRadPing is used as a test RADIUS client; however, any other RADIUS client will work.

Test Windows RADIUS proxy with RADIUS client
See it in action
Verify RADIUS proxy via RADIUS client test
Figure 1. RADIUS client test with Windows RADIUS proxy via push
  1. Open desired RADIUS client, in this case, NTRadPing.

  2. Enter the Windows RADIUS proxy specific items. This includes the server, port, secret, and username and password for the test account.

  3. Click Send to initiate communication from the RADIUS client to the Windows RADIUS proxy.

  4. If the MFA method push was selected, for example, approve the login attempt from the ForgeRock Authenticator application.

    For push, users must pre-register as described in Prerequisites and Create push journey.

  5. Await a response from the Windows RADIUS proxy (server) that states Access-Accept.

Change Windows RADIUS proxy secret

Due to security reasons or change management, it can become necessary to change the secret you configured for the Windows RADIUS proxy (during the time of installation).

The installation path includes an executable to assist with the updating of the secret:

  1. Via Command Prompt, go to C:\Program Files\ForgeRock\Radius Agent on your Windows machine.

  2. Run the ConfigTool.exe file with the appropriate parameters:

    ConfigTool.exe set-secret --secret enterNewSecretHere

  3. A message such as `appsettings.Production.json` Updated Successfully! should appear.

  4. The Windows RADIUS proxy secret has now been updated.

Ensure to update the Windows RADIUS proxy on dependent applications utilizing the service.

Copyright © 2010-2022 ForgeRock, all rights reserved.