Re: problem with 802.1x authenticating

From: Jan-Erik (Jan-Erik.177igq_at_mail.webservertalk.com)
Date: 06/01/04


Date: Tue, 1 Jun 2004 17:49:00 -0500


Hi Niklas,
Have you enabled tracing at the IAS?
Command: netsh ras set tracing * enabled

Then you can see much more of what happens in the "background".
You can also look in the Wireless Monitor snap-in for the MMC on the XP
computer.

It has helped me :-) /Jan-Erik

Niklas wrote:
> *Hi,
> XP client running wzc (WPA with radius)
> AP setup to use radius
> Windows 2000 server using IAS for authentication and accounting.
> using MS-CHAP v2 to authenticate against AD
>
> I have set up everything as it should (but missing something since it isn't working) as stated in "Enterprise deployment of windows-based IEEE 802.11 Networks"
>
> I also looked at the post by Lars M. Hansen about the D-Link 624 and WPA/RADIUS support? and everything seems as it should work.
>
> I have set up the CA and have through auto enrollment received the computer certificate on the client.
> Have set up the IAS with a radius-client pointing to my access point.
> Have created a remote access policy "NAS-port-type" IEEE 802.11 OR Wireless - other"
> and also have a group added with my user in it, the user has access granted on the dial-up tab
>
> If I start the wzc on the client, Ethereal starts monitoring EAP messages.
> I don't get any error or warning in the event viewer on the server.
> but the EAP doesn't succeed and thus doesn't start sending EAPOL messages
>
> If I remove myself from the wireless group that is added in the remote access policy I get a warning, in the event viewer
>
> Event Type: Warning
> Event Source: IAS
> Event Category: None
> Event ID: 2
> Date: 2004-05-26
> Time: 13:38:09
> User: N/A
> Computer: Server
> Description:
> User myDomain\myUser was denied access.
> Fully-Qualified-User-Name = myDomain\myUser
> NAS-IP-Address = 192.168.0.27
> NAS-Identifier = 0030bd9da2db
> Called-Station-Identifier = 0030bd9da2db
> Calling-Station-Identifier = 0006254a52c4
> Client-Friendly-Name = Belkin AP
> Client-IP-Address = 192.168.0.27
> NAS-Port-Type = 19
> NAS-Port = 220
> Policy-Name = <undetermined>
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 48
> Reason = The user's information did not match a Remote Access Policy.
>
> but as soon as I add myself to the group again I don't get this warning.
>
> I don't know where the authentication fails, anyone that has an idea about what I should try/check?
>
> thanks
> /Niklas *

--
Jan-Erik
------------------------------------------------------------------------
Posted via http://www.webservertalk.com
------------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message247391.html
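
Added example (not part of the original thread or of any Microsoft tooling): a Python sketch that parses the IAS Event ID 2 description quoted in the post, unwrapping the quoted and hard-wrapped lines, and checks the logged NAS-Port-Type against the policy condition Niklas describes. The NAS-Port-Type names are the RFC 2865 values; the function names and the shortened sample text are assumptions made for illustration.

```python
import re

# RADIUS NAS-Port-Type values from RFC 2865.
NAS_PORT_TYPES = {15: "Ethernet", 18: "Wireless - Other", 19: "Wireless - IEEE 802.11"}
# Port types the remote access policy in the post is meant to match.
POLICY_PORT_TYPES = {18, 19}

# Sample built from the event quoted in the post (shortened), keeping the
# "> " quote prefixes and the hard-wrapped Reason line.
SAMPLE_EVENT = """\
> User myDomain\\myUser was denied access.
> Fully-Qualified-User-Name = myDomain\\myUser
> NAS-IP-Address = 192.168.0.27
> Client-Friendly-Name = Belkin AP
> NAS-Port-Type = 19
> Policy-Name = <undetermined>
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 48
> Reason = The user's information did not match a Remote Access
> Policy.
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z-]*) = (.*)$")

def parse_ias_event(text):
    """Return {attribute: value}; strips quoting and rejoins wrapped values."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last:
            fields[last] += " " + line  # continuation of a wrapped value
    return fields

def triage(fields):
    """Summarise which part of the policy evaluation the event points at."""
    port = int(fields["NAS-Port-Type"])
    return {
        "user": fields.get("Fully-Qualified-User-Name"),
        "port_type": NAS_PORT_TYPES.get(port, "other (%d)" % port),
        "port_type_in_policy": port in POLICY_PORT_TYPES,
        "policy_matched": fields.get("Policy-Name") != "<undetermined>",
        "eap_type_known": fields.get("EAP-Type") != "<undetermined>",
        "reason_code": int(fields["Reason-Code"]),
    }
```

For the quoted event, the port type satisfies the policy's NAS-Port-Type condition while no policy name was recorded, which is consistent with the group-membership condition being the one that failed when the user was removed from the group.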
 

