Re: PEAP error message with CA and IAS

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 10/12/04


Date: Tue, 12 Oct 2004 09:00:47 -0700

Dragging and dropping will not move the private keys of the certificate.
That's why things would fail.
You must export/import.

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no 
rights.
      =============================================
"Peter K" <peter.kloutsiniotis@unisa.edu.au> wrote in message 
news:014301c48be6$6105de50$7d02280a@phx.gbl...
>
> This is interesting as we've been having the same problem
> and our Microsoft support person has said we can drag and
> drop from the personal store to the local machine
> store....IAS recognizes the Cert however we can't auth
> via PEAP but EAP/MD5 works fine, so it can't be a backend
> problem..(hope not)...
>
> I'll try exporting the cert now....
>
> Bst Rgds,
>
> Peter.
>
>>-----Original Message-----
>>Hi John --
>>
>>Dragging and dropping a cert using the Certificates MMC won't do the trick
>>-- if you move the cert you must export it and then import it into the
>>store.
>>
>>
>>
>>
>>"Yon Tha Yuggler" <praetorian7x-news@yahoo.com> wrote in
>>news:VJudnTL68I1krIDcRVn-qA@giganews.com:
>>
>>> James,
>>>
>>> Thanks in advance for your assistance, as well as that which you have
>>> already provided.
>>>
>>> The certificate appears to be in the Local Computer store for the
>>> RADIUS server.
>>> Of the 10 stores in each of Local Computer and Current User in the
>>> Certificates MMC:
>>>  + Personal
>>>  + Trusted Root Certification Authorities
>>>  + Enterprise Trust
>>>  + Intermediate Certification Authorities
>>>  + Trusted Publishers
>>>  + Untrusted Certificates
>>>  + Third-party Root Certification Authorities
>>>  + Trusted People
>>>  + Certificate Enrollment Requests
>>>  + SPC
>>> The only location of the certificate that will allow me to configure
>>> PEAP under IAS is Personal under local computer. (I have moved the
>>> certificate into every store via drag/drop in the Certificates MMC,
>>> experimenting with this.)
>>>
>>> I have placed the certificate, as well as my own root CA cert, both in
>>> base64 form on my FTP server: "www dot gswc dot us" if you would like
>>> to take a look at them. GSW-CA is a trusted root authority.
>>>
>>> It appears that the client accepts the certificate OK. I just get an
>>> IAS_AUTH_FAILED when the user tries to authenticate.
>>>
>>> Is this IAS_AUTH_FAILED a red herring?
>>>
>>>
>>> Molto obbligato!
>>> --John
>>> praetorian7x-news@yahoo.com
>>>
>>> "James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message
>>> news:Xns95439BE321DD2jamesmcionlinemicros@207.46.248.16...
>>>> yonthayuggler@yahoo.com (YonThaYuggler) wrote in
>>>> news:c6d2853b.0408120633.65dc4b61@posting.google.com:
>>>>
>>>> > James (McIllece),
>>>> >
>>>> > Regarding:
>>>> >
>>>> >> Is your IAS server registered in AD? If not, see the Help topic
>>>> >> "To enable the IAS server to read user accounts in Active
>>>> >> Directory"
>>>> >
>>>> > I believe that it is registered. In the IAS MMC, I have right
>>>> > clicked and chose "Register service in Active Directory", and it
>>>> > appears that IAS can read AD OK, as it correctly resolves the
>>>> > Fully-Qualified-User-Name from my login ID.
>>>> >
>>>> > The error I am getting (IAS_AUTH_FAILURE) in the System Event log
>>>> > is indicated here:
>>>> >
>>>> > <event log snippet begin>
>>>> >    NAS-Port-Type = 19
>>>> >    NAS-Port = 54
>>>> >    Policy-Name = 802.11 wireless
>>>> >    Authentication-Type = EAP
>>>> >    EAP-Type = <undetermined>
>>>> >    Reason-Code = 16
>>>> >    Reason = There was an authentication failure because of an unknown
>>>> >    user name or a bad password.
>>>> > <event log snippet end>
>>>> >
>>>> > Not using any realm replacements, and I do have reversible
>>>> > encryption enabled for passwords in GP, and have changed my
>>>> > password to update the store with the reversible version.
>>>> >
>>>>
>>>> Another IAS team member read through your posts and says that your
>>>> cert is in the wrong location -- so you need to open the certificates
>>>> MMC, export the cert, then import the cert into the Local Computer
>>>> cert store. (It is probably in the Current User cert store.)
>>>>
>>>> That should solve the problem. If not, let me know.
>>>>
>>>> --
>>>> James McIllece, Microsoft
>>>>
>>>> Please do not send email directly to this alias. This is my online
>>>> account name for newsgroup participation only.
>>>>
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>-- 
>>James McIllece, Microsoft
>>
>>Please do not send email directly to this alias.  This is my online account
>>name for newsgroup participation only.
>>
>>This posting is provided "AS IS" with no warranties, and confers no rights.
>>.
>> 
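
The failure mode discussed in this thread (a certificate visible in the Local Computer Personal store whose private key stayed behind in the Current User store) can be checked and corrected from PowerShell. This is an added example, not part of the original posts; it assumes a current Windows Server with the PKI module, an elevated session, and a private key marked exportable. The function names, the thumbprint and the PFX path are hypothetical.

```powershell
# Added example: report certificates in LocalMachine\My and whether the
# private key is actually present there or only on a CurrentUser\My copy.
function Get-CertKeyStatus {
    $machine = Get-ChildItem -Path Cert:\LocalMachine\My
    $user    = Get-ChildItem -Path Cert:\CurrentUser\My
    foreach ($cert in $machine) {
        # Same thumbprint in the user store means the same certificate.
        $twin = $user | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
        $userHasKey = [bool]($twin | Where-Object { $_.HasPrivateKey })
        [pscustomobject]@{
            Subject           = $cert.Subject
            Thumbprint        = $cert.Thumbprint
            MachineHasKey     = $cert.HasPrivateKey
            UserCopyHasKey    = $userHasKey
            # Certificate is listed but unusable for PEAP without its key.
            NeedsExportImport = (-not $cert.HasPrivateKey) -and $userHasKey
        }
    }
}

# Export the certificate with its key from the user store and import it
# into the machine store, which is what "export/import" does in the MMC.
function Move-CertWithKey {
    param(
        [Parameter(Mandatory)] [string]       $Thumbprint,
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $src = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"
    if (-not $src.HasPrivateKey) {
        throw "No private key on the Current User copy of $Thumbprint"
    }
    try {
        Export-PfxCertificate -Cert $src -FilePath $PfxPath -Password $Password | Out-Null
        Import-PfxCertificate -FilePath $PfxPath -Password $Password `
            -CertStoreLocation Cert:\LocalMachine\My
    }
    finally {
        # The PFX contains the private key; do not leave it on disk.
        if (Test-Path -Path $PfxPath) { Remove-Item -Path $PfxPath -Force }
    }
}

Get-CertKeyStatus | Format-Table -AutoSize
# Move-CertWithKey -Thumbprint '<THUMBPRINT-PLACEHOLDER>' `
#     -PfxPath 'C:\Temp\ias-cert.pfx' -Password (Read-Host -AsSecureString)
```

A row with `MachineHasKey` false and `UserCopyHasKey` true is the drag-and-drop result described above.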

