problem with 802.1x authenticating

From: Niklas (niklas_at_NOSPAMhotmail.com)
Date: 06/01/04

    Date: Tue, 1 Jun 2004 15:01:16 +0200
    
    

    Hi,
    XP client running WZC (WPA with RADIUS)
    AP set up to use RADIUS
    Windows 2000 server using IAS for authentication and accounting,
    using MS-CHAP v2 to authenticate against AD

    I have set up everything as it should be (but am missing something, since it
    isn't working) as stated in "Enterprise deployment of Windows-based IEEE 802.11
    Networks".

    I also looked at the post by Lars M. Hansen about the D-Link 624 and
    WPA/RADIUS support,
    and everything seems as if it should work.

    I have set up the CA and have, through auto-enrollment, received the computer
    certificate on the client.
    I have set up the IAS with a RADIUS client pointing to my access point.
    I have created a remote access policy "NAS-port-type IEEE 802.11 OR
    Wireless - other"
    and also have a group added with my user in it; the user has access granted
    on the dial-up tab.

    If I start the WZC on the client, Ethereal starts monitoring EAP messages.
    I don't get any error or warning in the event viewer on the server,
    but the EAP doesn't succeed and thus doesn't start sending EAPOL messages.

    If I remove myself from the wireless group that is added in the remote
    access policy, I get a warning in the event viewer:

    Event Type: Warning
    Event Source: IAS
    Event Category: None
    Event ID: 2
    Date: 2004-05-26
    Time: 13:38:09
    User: N/A
    Computer: Server
    Description:
    User myDomain\myUser was denied access.
     Fully-Qualified-User-Name = myDomain\myUser
     NAS-IP-Address = 192.168.0.27
     NAS-Identifier = 0030bd9da2db
     Called-Station-Identifier = 0030bd9da2db
     Calling-Station-Identifier = 0006254a52c4
     Client-Friendly-Name = Belkin AP
     Client-IP-Address = 192.168.0.27
     NAS-Port-Type = 19
     NAS-Port = 220
     Policy-Name = <undetermined>
     Authentication-Type = EAP
     EAP-Type = <undetermined>
     Reason-Code = 48
     Reason = The user's information did not match a Remote Access Policy.

    But as soon as I add myself to the group again, I don't get this warning.

    I don't know where the authentication fails. Does anyone have an idea about
    what I should try/check?

    thanks
    /Niklas
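
A small triage helper for IAS denial events like the one quoted in the post above, as an added example that is not part of the original post: it parses the event's Description text and decodes NAS-Port-Type against the two values the remote access policy condition names (18 and 19 in RFC 2865). The function names and the trimmed sample event are constructed for illustration.

```python
import re

# RADIUS NAS-Port-Type values (RFC 2865) named in the policy the post describes.
NAS_PORT_TYPES = {18: "Wireless - Other", 19: "Wireless - IEEE 802.11"}

# Constructed sample: trimmed Description text of the IAS warning in the post.
SAMPLE_EVENT = """\
User myDomain\\myUser was denied access.
 Fully-Qualified-User-Name = myDomain\\myUser
 NAS-IP-Address = 192.168.0.27
 Client-Friendly-Name = Belkin AP
 NAS-Port-Type = 19
 Policy-Name = <undetermined>
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 48
 Reason = The user's information did not match a Remote Access Policy.
"""

def parse_ias_event(description):
    """Return the 'Name = value' attributes of an IAS event description."""
    attrs = {}
    for line in description.splitlines():
        m = re.match(r"\s*([A-Za-z][\w-]*)\s*=\s*(.*\S)\s*$", line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def triage(attrs, policy_port_types=(18, 19)):
    """List what the logged attributes say about where the request stopped."""
    findings = []
    port = attrs.get("NAS-Port-Type", "")
    if port.isdigit():
        name = NAS_PORT_TYPES.get(int(port), "unknown")
        ok = int(port) in policy_port_types
        findings.append(f"NAS-Port-Type {port} ({name}): "
                        f"{'matches' if ok else 'does not match'} the policy condition")
    if attrs.get("Policy-Name") == "<undetermined>":
        findings.append("no remote access policy was selected")
    if attrs.get("EAP-Type") == "<undetermined>":
        findings.append("no EAP type was recorded for this request")
    if "Reason-Code" in attrs:
        findings.append(f"Reason-Code {attrs['Reason-Code']}: {attrs.get('Reason', '')}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_ias_event(SAMPLE_EVENT)):
        print("-", finding)
```

For the quoted event, the port-type condition is satisfied (19), so the denial there comes from the remaining policy condition, which is consistent with the group removal the post describes.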

