Overview

This is to check why a specific user is rejected during Authentication with a "no policy satisfied" error.

Solution

As a first step, track the user for which requests were rejected and check the error that is present in the Server Logs located in $HOME/AAA/logs. In this case, when checking for a specific user following error is observed:

22 Aug 2022 14:37:29,078 [ INFO  ] RAD-AUTH-1374 [BUDP]: Sending Response to 10.123.244.26:4525
    Packet Type: ACCESS_REJECT
    Identifier: 3
    Reply Message: No Policy Satisfied
    --Info Attributes
    Response-Time = 2

Here the NAS service the user has no RADIUS policy defined which is leading to the error.

If this is a newly added NAS, its NAS IP address should be configured in the appropriate radius service policy.