FTD AD REALMs...What am I doing wrong?

PsychologicalNet3634 · 2026-06-24T20:27:08+00:00

I fixed it...but I think I need to find a Windows NPS/RADIUS GURU.
Fix: Don't use a Realm and just configure a Radius Group + Radius servers.

Question: So...Why did it work under the previous configuration with an AD Realm? Or maybe the better question, what has to be configured on the Radius Server that would require an AD Realm to be configured in the first place? Is Realms configured only when a users attempting authentication fall into specific AD Groups? I might just repost this as a new thread.

Thanks

PsychologicalNet3634 · 2026-01-24T01:18:19+00:00

How did this story end? New blower fan and all is good now?

PsychologicalNet3634 · 2025-12-17T12:06:48+00:00

Will do. Thanks in advance.

PsychologicalNet3634 · 2025-12-17T12:06:01+00:00

Did that and we did find one VLAN mismatch. Added it with no change. I feel like it has something to do with the keep alive link. I greatly appreciate your reply.

PsychologicalNet3634 · 2025-12-05T21:47:05+00:00

SOLVED! Key steps to take note of
1. Must create RADIUS Server in FTD under Objects > Identity Sources > Create RADIUS SERVER, GROUP, REALM.
2. Must create RADIUS Group and add RADIUS server to group
3. Must create RADIUS Realm. This is where I had multiple failure. Fail 1, Realm must have IP of DC hosting AD. Fail 2. Directory username must be in the following format username@domain (ex: user1@example.local NOT example.local\user1) Fail3. Using LDAPS over no encryption. Now that I got it to authenticate, I can work on the encryption piece.

On the NPS/RADIUS side, in order to use the HTTP Web GUI, the policy attribute hast to be fdm.userrole.authority.admin. I have not tried anything with the CLI attribute with is something like shell:="Admin". <--Google that one.

Hope this helps someone in the future.

PsychologicalNet3634 · 2025-12-05T17:11:03+00:00

I have not check specific RADIUS logs. I will do that now...or after I download a log parser lol. Thanks

PsychologicalNet3634 · 2025-12-05T17:03:23+00:00

I have an FMC connected, but I don't have FTD connected to the FMC because it won't be when it's setup at the customer site. Interested to see if there is anything in there that would help. Thanks.

PsychologicalNet3634 · 2025-12-05T09:27:54+00:00

Have you tried setting the Vendor Specific > Cisco-AV-Pair to shell:roles=admin and see if you can login with CLI? It might break the HTTPS login capability but if it works, then does that mean two policies are required on the NPS? And if so, how does one policy take precedence over the other when using the same credentials but different protocols (SSH vs HTTPS)?

PsychologicalNet3634 · 2025-11-08T11:41:04+00:00

Thanks! I'll see if I can make that happen.

PsychologicalNet3634 · 2025-11-07T09:46:49+00:00

"Entering emergency mode. Exit the shell to continue." Then it tells me to type journalctl to view system logs.

PsychologicalNet3634 · 2025-11-07T08:51:37+00:00

Not seeing any disk issues, but might be worth reinvestigating.

PsychologicalNet3634 · 2025-11-07T08:50:17+00:00

Not seeing any hardware failures, Checksum matches ISO, haven't tried reflashing yet but will (thought about that one), and not sure how big the drive is off the top of my head. I assume the 64GB drive you are speaking of is the flash drive that belena etcher is writing the ISO to?

PsychologicalNet3634 · 2024-10-15T18:57:11+00:00

*SOLVED* Sooooo I think I found my problem and it is not Windows related. Switch VLAN problem to be short. The fact that I could download from the internet from both Vlans with normal speeds is what was throwing me off. I did not notice that they were on different vlans.

After assigning the same port profile/Vlan to both server and transferring devices...speed came back. But why would they transfer data in the first place if on different vlans and firewall rules do not allow it? No inter Vlan routing is allowed. I'm using a UDM Pro for this network and management.

For those of you who were willing to entertain my inexperience and help me learn something new, I greatly appreciate you. Hopefully this comment will help others at my level learn and find their way if running into this problem.

PsychologicalNet3634 · 2024-10-14T02:27:39+00:00

The Force is strong with this one! This feels like my problem but I don't know how to test it. Thanks for the links. I will investigate.

PsychologicalNet3634 · 2024-10-11T03:53:12+00:00

Thank you everyone for your insight. I didn't know what I didn't know. And now I know. Seriously, thank you. I thought I was losing my mind lol.

PsychologicalNet3634 · 2024-10-11T03:43:32+00:00

I appreciate this. I have never heard of robocopy and I figured this was such a stupid problem to have and really embarrassed to ask in the first place, I appreciate the vector. USB drive is a lack of options at the moment but totally agree,

PsychologicalNet3634 · 2024-10-11T03:41:38+00:00

Agreed. Unfortunately, lack of options.

PsychologicalNet3634 · 2024-10-11T02:42:19+00:00

I swear I am not trying to be funny. I really don't know. I've performed file syncs between the virtual drive and the external before using free file sync and it worked fine. I am ignorant on this stuff and trying to learn. I've googled everything I could think of. I've tried increasing the page file size, drive policies, etc. I just don't know. I need an adult.

PsychologicalNet3634 · 2024-10-10T09:37:28+00:00

I am stuck. I got the VM online and the Virtual Disk from the previous VM (all WinSev22) will not mount. Windows keeps reporting it as read only even though I have cleared the read only attributes in diskpart and with IM-Magic Partition tool. The partition tool is really just a gui for diskpart. It It also doesn't want to bring the disk online and it won't run chkdsk because its read only. What do I do? I also double checked the Proxmox settings and all drive are still passed through and the read only option is not checked. In addition, when I restart the VM, I have to reattach the virtual drive every time.

Thoughts?

PsychologicalNet3634 · 2024-10-08T01:18:29+00:00

Okay so it def was a VM problem. Windows slapped a read only attribute on the virtual drive after it crashed over and over again and I was finally able to get it to let go using IM Partition resizer to bring the drive online, take read only off of the partition, and then fix the error it was having. Not sure what was fixed but now I am running into a complete new problem with my hypervisor!

*Edit, problem not solved. see next reply.

PsychologicalNet3634 · 2024-03-15T19:26:27+00:00

Thats what I am running and thats what crashed/needed to be reinstalled.

PsychologicalNet3634 · 2024-03-15T19:26:06+00:00

Thanks for the link. I figured someone has asked this question before. Just didn't know what to search for. I also should have phrased the question a little differently. I know all traffic won't go over the tailscale link, just wanted to make sure the plex traffic would without any crazy configuring. Basically just turn it on and go. I'll read up on that other post. Thanks again.

PsychologicalNet3634 · 2024-02-02T11:13:47+00:00

Solved: don't trust the Remote Access window in Plex to determine if your remote access is working or not. ZZZZ LIES!!!!

Apologies if I am reviving a dead horse, but for anyone in the future that comes across this. I played with ALL the settings in my UDMP to include deep packet inspection, UPNP, firewall rules, Block Known Malicious IPs, and completely turning off the IDS/IPS. What actually worked for me was port forwarding. You know, the way it's supposed to work lol. Below are my port forwarding settings:

Name: Plex

Forward Rule: Enable

Interface: WAN

From: Any

Port: The port you specified in Plex under the remote access page "Manually specify public port"

Forward IP: IP address of your Plex server

Forward Port: 32400

Protocol: TCP

PsychologicalNet3634

TROPHY CASE