When a RADIUS server receives a request there are only four different ways it can respond. It either sends back "Access Reject", "Access Challenge", "Access Accept", or it doesn't respond at all. For example, if the "shared secret" is wrong then it does not send a reply. The awsfaketestuser test is verifying two things for us. The first is that we have network connectivity and the second is that the shared secret is correct. If either of those two fails then we get no reply back and the call times out. These are the two main reasons MFA setup can fail. In a successful test we are expecting to receive back a reply of "Access Reject". One way you can troubleshoot this is to turn on VPC flow logs to the ENI attached to the AD connector to see if the return traffic from your RADIUS server is reaching the AD connector.
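
The flow log check suggested in the answer above can be scripted; this is an added example, not part of the original answer. It assumes the default (version 2) VPC flow log format and RADIUS authentication on UDP port 1812 (adjust `port` if your server listens elsewhere); the ENI ID, account ID and IP addresses are constructed sample values.

```python
# Default (version 2) VPC flow log fields, in order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
UDP = "17"  # IANA protocol number for UDP

# Constructed sample records: 10.0.1.10 = AD Connector ENI, 10.0.2.20 = RADIUS server.
ENI = "eni-0123456789abcdef0"
REQUEST = f"2 123456789012 {ENI} 10.0.1.10 10.0.2.20 50000 1812 17 1 90 1700000000 1700000060 ACCEPT OK"
REPLY = f"2 123456789012 {ENI} 10.0.2.20 10.0.1.10 1812 50000 17 1 48 1700000000 1700000060 ACCEPT OK"
NODATA = f"2 123456789012 {ENI} - - - - - - - 1700000000 1700000060 - NODATA"

def parse(lines):
    """Yield one dict per record, skipping NODATA/SKIPDATA and malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[-1] == "OK":
            yield dict(zip(FIELDS, parts))

def diagnose(lines, eni, radius_ip, port=1812):
    """Summarise RADIUS traffic seen on the AD Connector ENI."""
    port, seen = str(port), set()
    for f in parse(lines):
        if f["interface_id"] != eni or f["protocol"] != UDP:
            continue
        if f["dstaddr"] == radius_ip and f["dstport"] == port:
            seen.add(("request", f["action"]))
        elif f["srcaddr"] == radius_ip and f["srcport"] == port:
            seen.add(("reply", f["action"]))
    if ("reply", "ACCEPT") in seen:
        return "reply-received"           # return traffic reached the ENI
    if ("reply", "REJECT") in seen:
        return "reply-rejected-at-eni"    # reply arrived but was not allowed in
    if ("request", "ACCEPT") in seen:
        return "request-sent-no-reply"    # server silent or return path broken
    if ("request", "REJECT") in seen:
        return "request-rejected-at-eni"  # an outbound rule blocked the request
    return "no-radius-traffic"

if __name__ == "__main__":
    print(diagnose([NODATA, REQUEST, REPLY], ENI, "10.0.2.20"))
    print(diagnose([NODATA, REQUEST], ENI, "10.0.2.20"))
```

A result of `request-sent-no-reply` matches both failure causes named in the answer (no return connectivity, or a wrong shared secret that makes the server stay silent), so the next step is the RADIUS server's own log.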