IAS authentication protocols with VPN and Wi-Fi

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: MacAddict (MacAddict.1gnv10_at_mail.webservertalk.com)
Date: 12/02/04 

Date: Thu, 2 Dec 2004 08:20:23 -0600

We have a W2K IAS/Radius server with a authentication policy for VPN
users. Users in the domain must be in the VPN Users group to be able
to VPN.

Now we are trying to add Wi-fi access using a Cisco 1200 AP. It is set
to use the Radius server to authenticate the users.

Before doing anything on the IAS server, I would get an access denied
error due to: "Reason-Code = 66
Reason = The user attempted to use an unauthorized authentication
method" as it tried to use the VPN Users policy.

I figured that this was because the policy did not have EAP
authentication.

Then, we added another policy called Wireless Users and created a group
for it on the domain. This one had EAP selected as authentication and
had to be using wireless access.

When I tried to log in again with Wi-fi, it would still use the VPN
Users policy and deny me access for the same reason as before.

Also, with both policies, VPN users would be able to log in but they
could not access any resources on the network until the Wireless policy
was deleted.

Does anybody have any input?

At this point, we do not want to use certificates as we just want to
get it 'working' before we add another layer of complexity.

Thanks 

--
MacAddict
------------------------------------------------------------------------
Posted via http://www.webservertalk.com
------------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message589637.html

Relevant Pages

  • Re: Handheld device remote networking issues into RAS
    ... I set "Store password using reverisble encryption for all users in the ... This is off by default in server 2003. ... >> The user domain\user failed an authentication attempt due to the ... >> password policy or the password settings on the user account. ...
    (microsoft.public.windows.server.networking)
  • Re: IAS authentication protocols with VPN and Wi-Fi
    ... In addition to the above, you might be matching the wrong policy, you might ... and Wireless users hit the wireless policy ... > We have a W2K IAS/Radius server with a authentication policy for VPN> users. ... Users in the domain must be in the VPN Users group to be able> to VPN. ...
    (microsoft.public.internet.radius)
  • Re: File Share Security
    ... If it is a W2K or Windows 2003 domain and all the computers that need access ... to the server are W2K/XP Pro you can use ... authentication though you can use certificates. ... secure server/require policy to the server being sure to exempt the domain ...
    (microsoft.public.win2000.security)
  • Re: Challenge for the great troubleshooters!
    ... >> The Security System detected an authentication error for the server ... >> This is either due to a bad username or authentication information. ... >> Windows cannot query for the list of Group Policy objects. ... >> Checked DNS settings ...
    (microsoft.public.windows.server.general)
  • Re: GPO Error on Default Domain Policy
    ... Interesting I have never seen that before on a dcdiag. ... > ensure that you can contact the server that authenticated you.. ... > code from authentication protocol Kerberos was "The handle specified is ... >>>I am getting an error with the Default Domain Policy in my domain. ...
    (microsoft.public.win2000.security)