Re: Computer authentication doesn't work with PEAP ?


From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 02/19/04


Date: Thu, 19 Feb 2004 14:15:05 -0800

It looks like your computer is authenticating with EAP-TLS instead of PEAP, and
you have not enabled that on the IAS server.
You have 2 options: change to PEAP, or add EAP-TLS to the list of
authentication protocols your IAS server supports.

-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
<Claude.Gauthard@mcdonalds.fr> wrote in message
news:OxydP6u9DHA.2472@TK2MSFTNGP10.phx.gbl...
> We have the following configuration :
>
> - Wireless AP : Cisco AP1231 configured with WPA, 802.1x authentication is
> MSCHAP-V2
> - clients : Windows XP SP1 with patch for WPA
> - Wireless adaptor : cisco Aironet 5GHz or D-link Airpro DWL-AB650 with
> latest drivers and firmware supporting WPA
> - Radius server : Windows 2003 server with IAS and proper certificate
> installed
> - Active Directory : Windows 2000 in mixed mode
>
> User authentication works fine as shown below :
>
>  User (myself) was granted access.
>  Fully-Qualified-User-Name = ourdomain/Guyancourt/Dept
> Informatique/Users/myself
>  NAS-IP-Address = 192.168.56.72
>  NAS-Identifier = ap
>  Client-Friendly-Name = Switch_AP1200_3sud_02
>  Client-IP-Address = 192.168.56.72
>  Calling-Station-Identifier = 000a.f4f3.4ba0
>  NAS-Port-Type = Wireless - IEEE 802.11
>  NAS-Port = 641
>  Proxy-Policy-Name = Use Windows authentication for all users
>  Authentication-Provider = Windows
>  Authentication-Server = <undetermined>
>  Policy-Name = test wireless bogdan
>  Authentication-Type = PEAP
>  EAP-Type = Secured password (EAP-MSCHAP v2)
>
> However computer authentication is always rejected :
>
> User host/PCxxxx.ourdomain was denied access.
>  Fully-Qualified-User-Name = ourdomain/Guyancourt/Dept
> Informatique/Computers/PCxxxx
>  NAS-IP-Address = 192.168.56.72
>  NAS-Identifier = ap
>  Called-Station-Identifier = 000e.384a.246f
>  Calling-Station-Identifier = 000a.f4f3.4ba0
>  Client-Friendly-Name = Switch_AP1200_3sud_02
>  Client-IP-Address = 192.168.56.72
>  NAS-Port-Type = Wireless - IEEE 802.11
>  NAS-Port = 545
>  Proxy-Policy-Name = Use Windows authentication for all users
>  Authentication-Provider = Windows
>  Authentication-Server = <undetermined>
>  Policy-Name = Connections to other access servers
>  Authentication-Type = EAP
>  EAP-Type = <undetermined>
>  Reason-Code = 66
>  Reason = The user attempted to use an authentication method that is not
> enabled on the matching remote access policy.
>
> When the computer boots computer authentication is attempted several
> times, fails, and a couple of minutes later user authentication is
> attempted which succeeds.
> If this can be of any help, I had a look at the request packet with Netmon
> and the EAP identifier which is passed to IAS has a value of 2 for
> computer authentication.
>
> Any idea?
>
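
As an added example (not part of the original thread), this Python sketch parses the two IAS event bodies quoted above and reports the attributes where the denied computer request was handled differently from the granted user request. The event text is a constructed, trimmed copy of the posted logs, and the function names are hypothetical.

```python
import re

# Constructed sample: the two IAS event bodies from the post, trimmed, unquoted,
# and with wrapped lines left as the newsreader wrapped them.
GRANTED = """User (myself) was granted access.
 Fully-Qualified-User-Name = ourdomain/Guyancourt/Dept
Informatique/Users/myself
 NAS-Port = 641
 Policy-Name = test wireless bogdan
 Authentication-Type = PEAP
 EAP-Type = Secured password (EAP-MSCHAP v2)
"""
DENIED = """User host/PCxxxx.ourdomain was denied access.
 Fully-Qualified-User-Name = ourdomain/Guyancourt/Dept
Informatique/Computers/PCxxxx
 NAS-Port = 545
 Policy-Name = Connections to other access servers
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not
enabled on the matching remote access policy.
"""

ATTR = re.compile(r"^\s*([A-Za-z][A-Za-z-]*) = (.*)$")

def parse_event(text):
    """Return (summary line, {attribute: value}), rejoining wrapped values."""
    lines = [l for l in text.splitlines() if l.strip()]
    summary, attrs, last = lines[0].strip(), {}, None
    for line in lines[1:]:
        m = ATTR.match(line)
        if m:
            last = m.group(1)
            attrs[last] = m.group(2).strip()
        elif last:  # continuation of a wrapped value
            attrs[last] += " " + line.strip()
    return summary, attrs

def policy_mismatch(granted, denied, keys=("Policy-Name", "Authentication-Type", "EAP-Type")):
    """Attributes where the denied request was handled differently."""
    g, d = parse_event(granted)[1], parse_event(denied)[1]
    return {k: (g.get(k), d.get(k)) for k in keys if g.get(k) != d.get(k)}

if __name__ == "__main__":
    for key, (ok, bad) in policy_mismatch(GRANTED, DENIED).items():
        print(f"{key}: granted={ok!r} denied={bad!r}")
```

On the posted events it reports that the denied request was evaluated under `Connections to other access servers` rather than `test wireless bogdan`, with Authentication-Type `EAP` instead of `PEAP`.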

