Re: Peap Authentication fails after boot up

From: Xuemei Bao (xbao_at_online.microsoft.com)
Date: 04/30/04 

Date: Fri, 30 Apr 2004 11:56:50 -0700

can you send me eapol.log and rastls.log on the client machine? Thanks. 

-- 
=========================================================
This post is provided AS IS with no warranties, and confer no rights
=========================================================
"Brian" <anonymous@discussions.microsoft.com> wrote in message
news:7C365477-E696-4166-AAA8-F05CC98C2B38@microsoft.com...
> On boot up my clients frequently fail 802.1x authentication.  The AP is
forwarding packets between the client and IAS server but for some reason it
either times out or fails negotiation.  About 2 minutes after the client
fails is will successfully authenticate even though I have done nothing to
the configuration.  After it autheticates I can log on as any user and all
user successfully authenticates.
>
> Even if I create a brand new user which has no cached credentials on the
client and boot up the machine.  The user can log on to the domain so their
is initial communication but then the authentication fails and the wireless
connection is no longer available.
>
> Thank you for any help.
>
> Here is the log from my Cisco AP.  This line appears to be where the
failure starts "(EAP: Response not from most recent request (ID:
Expected=233, Actual=233)"
>
>
> RADIUS: Received packet for client 00904b1aa3e7
> RADIUS: Received Challenge Request
> RADIUS: Server's state attribute was saved
> RADIUS: Received session timeout request of 30 seconds
> RADIUS: Appending EAP attribute value of length 255
> RADIUS: Appending EAP attribute value of length 255
> RADIUS: Appending EAP attribute value of length 134
> RADIUS: Sending EAP-code=32/type=115(id=84) packet to client 00904b1aa3e7
> EAP: Received EAP-Response/EAP-PEAP(id=229) packet from client
00904b1aa3e7
> EAP: Forwarding packet to RADIUS server
> RADIUS: Received packet for client 00904b1aa3e7
> RADIUS: Received Challenge Request
> RADIUS: Server's state attribute was saved
> RADIUS: Received session timeout request of 30 seconds
> RADIUS: Sending EAP-Request/EAP-PEAP(id=230) packet to client 00904b1aa3e7
> EAP: Received EAP-Response/EAP-PEAP(id=230) packet from client
00904b1aa3e7
> EAP: Forwarding packet to RADIUS server
> RADIUS: Received packet for client 00904b1aa3e7
> RADIUS: Received Challenge Request
> RADIUS: Server's state attribute was saved
> RADIUS: Received session timeout request of 30 seconds
> RADIUS: Sending EAP-Request/EAP-PEAP(id=231) packet to client 00904b1aa3e7
> EAP: Received EAP-Response/EAP-PEAP(id=231) packet from client
00904b1aa3e7
> EAP: Forwarding packet to RADIUS server
> RADIUS: Received packet for client 00904b1aa3e7
> RADIUS: Received Challenge Request
> RADIUS: Server's state attribute was saved
> RADIUS: Received session timeout request of 6 seconds
> RADIUS: Sending EAP-Request/EAP-PEAP(id=232) packet to client 00904b1aa3e7
> Session-timeout for station 00904b1aa3e7
> RADIUS: Sending EAP-Request/Identity(id=233) packet to client 00904b1aa3e7
> EAP: Received EAP-Response/EAP-PEAP(id=232) packet from client
00904b1aa3e7
> EAP: Forwarding packet to RADIUS server
> EAP: Received EAP-Response/Identity(id=233) packet from client
00904b1aa3e7
> EAP: Response not from most recent request (ID: Expected=233, Actual=233)
>
> 05:04:10 (Warning): No EAP-Authentication response for Station
[10.10.10.101]009
> 04b1aa3e7 from server 10.10.10.1
> Could not get a secondary Server Serving 802.1x function.
>
> 05:04:10 (Info): Deauthenticating [10.10.10.101]00904b1aa3e7, reason
"Previous A
> uthentication No Longer Valid"
>
> 05:04:19 (Info): Disassociation from [10.10.10.101]00904b1aa3e7, reason
"Sender
> is Leaving (has left) BSS"

Relevant Pages

  • Peap Authentication fails after boot up
    ... Received packet for client 00904b1aa3e7 ... RADIUS: Received Challenge Request ... Received session timeout request of 30 seconds ...
    (microsoft.public.internet.radius)
  • Re: IAS server and access points
    ... I have actually been in touch with Netgear tech support on this ... IAS server from the access points and Ethereal marked the packets as ... out the wireless policy to all client pc's in a specific group. ... "A RADIUS message with the Code field set to 2, which is not valid, ...
    (microsoft.public.internet.radius)
  • Re: IAS server and access points
    ... I have actually been in touch with Netgear tech support on this ... IAS server from the access points and Ethereal marked the packets as ... out the wireless policy to all client pc's in a specific group. ... "A RADIUS message with the Code field set to 2, which is not valid, ...
    (microsoft.public.internet.radius)
  • Re: IAS server and access points
    ... logs to Netgear and made steps to return the AP's as not fit for purpose. ... wireless policy to all client pc's in a specific group. ... I get an occassional message on my IAS server that says "A RADIUS ...
    (microsoft.public.internet.radius)
  • Re: IAS and RADIUS accounting - what extra info does this log?
    ... > a log of several attributes involved in the authentication process. ... > IAS can only log accounting requests that the RADIUS client sends. ... > If the log does not contain accounting requests, ...
    (microsoft.public.internet.radius)
Loading