Re-Authentication Woes

From: Tmccabe (Tmccabe_at_discussions.microsoft.com)
Date: 01/27/05


Date: Thu, 27 Jan 2005 07:47:07 -0800

We have several Cisco 1100 WAPs in our branch offices and we use a centrally
located 2003 Standard Server in one city running IAS and Cert services for
PEAP authentication for wireless access.

The WAPs are pointed to the IAS and Cert server and seem to be working
somewhat OK. It takes a long time to log on to the network via wireless (I'm
running SP2) and I also get this re-authentication thing going on with no
apparent pattern.

The connection seems to drop and the wireless NIC info tells me that it's
trying to re-authenticate. After quite some time the wireless NIC shows
connectivity again and the system log on the IAS and Cert server shows the
following entry several times a minute.

"User domain\lshauf was denied access.
 Fully-Qualified-User-Name = domain\lshauf
 NAS-IP-Address = 10.25.1.2
 NAS-Identifier = NBF_AP1
 Called-Station-Identifier = 0012.00d6.e5b0
 Calling-Station-Identifier = 000e.354c.fe9c
 Client-Friendly-Name = NBF_AP1
 Client-IP-Address = 10.25.1.2
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 186579
 Proxy-Policy-Name = Wireless
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 48
 Reason = The connection attempt did not match any remote access policy. "

After a bunch of these entries in the system log the user gets
re-authenticated. It can happen a few times a day to several times a day. It
happens in all our branches.
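
An added example, not part of the original post: one way to triage a run of these IAS event entries is to parse the "Key = Value" text and count denials per client MAC, access point, reason code and matched policy. The function names and the second client MAC in the sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the entry from the post, repeated,
# plus one constructed entry for a second (made-up) client MAC.
ENTRY = """User domain\\lshauf was denied access.
 NAS-Identifier = NBF_AP1
 Calling-Station-Identifier = 000e.354c.fe9c
 Policy-Name = <undetermined>
 EAP-Type = <undetermined>
 Reason-Code = 48
 Reason = The connection attempt did not match any remote access policy.
"""
SAMPLE = ENTRY * 3 + ENTRY.replace("000e.354c.fe9c", "0000.0000.0001")

# Header line of each event; the optional quote covers entries pasted in quotes.
HEADER = re.compile(r'^"?User (?P<user>\S+) was (?P<result>denied|granted) access\.', re.M)
FIELD = re.compile(r'^\s*([A-Za-z-]+) = (.*?)\s*"?\s*$')

def parse_events(text):
    """Split event text on each header line and return one dict per event."""
    events = []
    starts = [m.start() for m in HEADER.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end]
        head = HEADER.match(block)
        event = {"User": head["user"], "Result": head["result"]}
        for line in block.splitlines()[1:]:
            m = FIELD.match(line)
            if m:
                event[m.group(1)] = m.group(2)
        events.append(event)
    return events

def summarize_denials(events):
    """Count denials per (client MAC, access point, reason code, policy)."""
    counts = Counter()
    for e in events:
        if e["Result"] == "denied":
            counts[(e.get("Calling-Station-Identifier"), e.get("NAS-Identifier"),
                    e.get("Reason-Code"), e.get("Policy-Name"))] += 1
    return counts

def undetermined_fields(event):
    """Names of the fields IAS logged as <undetermined> for this event."""
    return sorted(k for k, v in event.items() if v == "<undetermined>")

if __name__ == "__main__":
    for key, n in summarize_denials(parse_events(SAMPLE)).most_common():
        print(n, *key)
```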


