How to troubleshoot the local RADIUS/TACACS+ instance using SSH

In this topic, you will learn how to troubleshoot problems with the operation of the local RADIUS or local TACACS+ instance in a virtual machine by using the PuTTY application, the SSH protocol, and Linux shell commands.

Note: This procedure applies only to local RADIUS or local TACACS+ running on a virtual machine, not in a container. It is not possible to SSH into a container. If you use a Docker container, SSH to the Docker host, and run the docker attach command to connect the container’s standard output to the host. Alternatively, you can use the docker exec command to execute commands within a given Docker container.

The local RADIUS/TACACS+ instance runs on Linux, so you can use basic Linux shell commands to troubleshoot it. For more information about local RADIUS, see the topic How do local RADIUS servers work? For more information about local TACACS+, see the topic How does the Portnox Cloud TACACS+ service work?

Connect to the virtual machine using PuTTY

In this section, you will learn how to configure the local RADIUS or local TACACS+ instance to work with SSH and then how to connect to it using the PuTTY application (for Windows).

  1. Make sure that the Enable SSH checkbox is active in the local RADIUS configuration or the TACACS+ configuration.

  2. Connect to the instance using the PuTTY application:
    1. In the local RADIUS/TACACS+ instance configuration, click on the Download PuTTY SSH key link.

    2. Download and install the PuTTY Windows application. Then, run PuTTY.
    3. In the PuTTY configuration window, go to Connection > SSH > Auth > Credentials and in the Private key file for authentication field, select the PuTTY SSH key (private.ppk) that you downloaded earlier.

    4. Go back to the Session setting, and in the Host Name (or IP address) field, enter the host name or the IP address of the local RADIUS/TACACS+ instance.
    5. Optional: In the Saved Sessions field, enter a name for this session, for example, Local RADIUS or Local TACACS+, and then click on the Save button to save these settings for later.
    6. Click on the Open button to connect.
    7. At the login as: prompt, type tc and press the Enter key.

  3. Optional: If the above step returns an error, do as follows:
    Note: Do this if you get errors in PuTTY such as: Unable to load private key (createkey failed), Permission denied, or No supported authentication methods available (server sent: publickey).
    1. In the local RADIUS/TACACS+ instance configuration, click on the Download private SSH key link.

    2. Run the PuTTYgen application, which is part of the PuTTY package.

    3. In PuTTYgen, select the Conversions > Import key menu option.

    4. Click on the Save private key button.

    5. In the PuTTYgen Warning window, click on the Yes button.

    6. Save the exported .ppk file on your local disk, for example, as private.ppk. Then, go back to the previous step and use this file as your key file.

Troubleshoot using Linux commands

In this section, you will learn which Linux commands to use to troubleshoot the local RADIUS or local TACACS+ virtual machine instance.

  • Show CPU and memory usage, refreshed in real time:
    top
  • Show syslog in real time:
    tail -f /var/log/messages
  • Show the entire syslog with the ability to scroll through it:
    cat /var/log/messages | less
  • You can also view the temporary log file located at /mnt/sda1/tce/portnox/log. However, this log file rarely contains useful troubleshooting information.
  • To increase the level of detail shown in the logs, you can run the local RADIUS instance in debug mode:
    sudo killall radiusd || sudo radiusd -X
    sudo killall portnoxRadDaemon || sudo portnoxRadDaemon -d