Active Directory MFA

I've been following this recipe for enabling MFA: https://medium.com/@sjsumit10/enable-mfa-for-aws-managed-ad-using-freeradius-with-google-authenticator-caaabc450c0b

The procedure works well up until I reach the final step where MFA is enabled for the AD using the AWS console. The step fails with no obvious information as to why. I believe I've verified that UDP port 1812 is open. Where can I look for hints as to what the problem is? CloudWatch logs are not providing much insight.

1 answer

Hello! Managed AD attempts to communicate with the RADIUS server over UDP 1812 by default, sends an "awsfakeuser" authentication request and expects an "Access-Reject" message back from RADIUS. If Managed AD does not receive a response, or receives a response other than "Access-Reject", MFA will fail to enable.

Ensure that UDP 1812 is allowed both inbound and outbound on the Directory Service's security group. Also ensure that the FreeRADIUS instance allows the traffic. Check the FreeRADIUS logs to ensure the traffic is received and that it sends a response back. You can also create a VPC Flow Log [1] to monitor the packets seen from the AWS side, or do a packet capture on the FreeRADIUS side. I have personally tested the guide you are using and can confirm it works.

If you still run into issues, please open a new support case with us and we will be ready to assist you.

  1. https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
AWS
Support Engineer
Answered 2 years ago
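The check the answer describes (an Access-Request for "awsfakeuser" that must come back as Access-Reject) can be reproduced from the FreeRADIUS host or any instance in the same VPC, which separates "the RADIUS server never answers" from "it answers, but not with Access-Reject". The following is an added example written for this page; it is not code from AWS, from the Medium article, or from FreeRADIUS. It builds and parses RADIUS packets per RFC 2865 without any third-party library. The shared secret, the target host and the placeholder password are assumptions you supply on the command line; AWS does not document what password it sends with the probe, so the value used here is a constructed placeholder.

```python
"""Probe a RADIUS server the way AWS Managed AD does when enabling MFA.

Sends an Access-Request for user "awsfakeuser" over UDP 1812 and reports
whether the reply is an Access-Reject with a valid Response Authenticator.
Pure RFC 2865 packet handling; no external dependencies.
"""
import hashlib
import hmac
import os
import socket
import struct
import sys

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
CODE_NAMES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
PROBE_USER = "awsfakeuser"            # user name the answer says Managed AD sends
PROBE_PASSWORD = "placeholder-pass"   # constructed placeholder; AWS does not publish this value


def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def attribute(atype: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length covers the two header bytes."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_access_request(secret: bytes, username: str, password: str,
                         identifier: int, authenticator: bytes) -> bytes:
    attrs = attribute(ATTR_USER_NAME, username.encode())
    attrs += attribute(ATTR_USER_PASSWORD, encrypt_password(password.encode(), secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def build_response(code: int, identifier: int, request_authenticator: bytes,
                   secret: bytes, attrs: bytes = b"") -> bytes:
    """Server-side packet construction; used here only to test the parser offline."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + resp_auth + attrs


def parse_response(data: bytes, request_authenticator: bytes, secret: bytes) -> dict:
    """Decode the header and verify the Response Authenticator (RFC 2865 section 3)."""
    if len(data) < 20:
        raise ValueError("RADIUS packet shorter than the 20-byte header")
    code, identifier, length = struct.unpack("!BBH", data[:4])
    if length > len(data):
        raise ValueError("Length field exceeds received bytes")
    attrs = data[20:length]
    expected = hashlib.md5(data[:4] + request_authenticator + attrs + secret).digest()
    return {
        "code": code,
        "name": CODE_NAMES.get(code, "Unknown(%d)" % code),
        "identifier": identifier,
        "authentic": hmac.compare_digest(expected, data[4:20]),
    }


def is_expected_reply(info: dict, identifier: int) -> bool:
    """True only for the reply Managed AD accepts: an authentic Access-Reject to our request."""
    return info["code"] == ACCESS_REJECT and info["authentic"] and info["identifier"] == identifier


def probe(host: str, secret: bytes, port: int = 1812, timeout: float = 3.0) -> dict:
    identifier, authenticator = os.urandom(1)[0], os.urandom(16)
    request = build_access_request(secret, PROBE_USER, PROBE_PASSWORD, identifier, authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            # No reply at all: security group, clients.conf or listener, not the auth policy.
            return {"ok": False, "reason": "no response within %.1fs" % timeout}
    info = parse_response(data, authenticator, secret)
    ok = is_expected_reply(info, identifier)
    reason = "got %s (authentic=%s)" % (info["name"], info["authentic"])
    return {"ok": ok, "reason": reason, **info}


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: radius_probe.py <freeradius-host> <shared-secret> [port]")
    result = probe(sys.argv[1], sys.argv[2].encode(), int(sys.argv[3]) if len(sys.argv) > 3 else 1812)
    print("PASS" if result["ok"] else "FAIL", result["reason"])
```

A timeout points at the security groups or the FreeRADIUS `clients.conf` entry for the directory's IPs; an Access-Reject whose authenticator does not verify points at a shared-secret mismatch; an Access-Accept or Access-Challenge means the server is authenticating the fake user instead of rejecting it, which Managed AD also treats as a failure. Run the packet capture the answer suggests alongside this probe if the two disagree.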
