Re: Re-Authentication Woes
From: Tmccabe (Tmccabe_at_discussions.microsoft.com)
Date: 01/27/05
- Next message: Mike Adams: "Re: RADIUS does it really work?"
- Previous message: barry: "Re: WLAN + WPA + RADIUS"
- In reply to: Mark Gamache: "Re: Re-Authentication Woes"
- Next in thread: Mark Gamache: "Re: Re-Authentication Woes"
- Reply: Mark Gamache: "Re: Re-Authentication Woes"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 27 Jan 2005 09:53:03 -0800
Hi Mark-Thanks for responding.
The Wifi policy inside IAS included the user group "wireless" and the NAS
type IEEE 802.11 and "Wireless-other"
As for the machines being part of the "wireless user group - I have never
heard of that - how does one add a computer to a user group ?
"Mark Gamache" wrote:
> The long logon with wireless is probably due to not having machine certs, or
> not having the machine accounts part of the wireless user group. When the
> machine comes up and no one is logged in, it attempts to authenticate in the
> context of the machine account. If the machine account is denied access, it
> can take a while trying to find a connection causing delays in boot.
>
> As for the re auth errors. I'd take a close look at your remote access
> policy. Does the IAS server you are using have RA policy of just wireless
> or does it support other NAS types?
>
> --
> Mark Gamache
> Certified Security Solutions
>
>
> "Tmccabe" <Tmccabe@discussions.microsoft.com> wrote in message
> news:78444D73-5D4D-49EE-9F8D-DFADD925BC5E@microsoft.com...
> > We have several Cisco 1100 WAPs in our branch offices and we use a
> > centrally
> > located 2003 Standard Server in one city running IAS and Cert services for
> > PEAP authentication for wireless access.
> >
> > The WAPS are pointed to the IAS and Cert server and seem to be working
> > somewhat OK. It takes a long time to logon to the network via wireless (Im
> > running SP2) and I also get this re-authentication thing going on with no
> > apparent pattern.
> >
> > The connection seems to drop and the wireless NIC info tells me that its
> > trying to re-authenticate. After quite some time the wireless NIC show
> > connectivity again and the system log on the IAS and Cert server shows the
> > follwing entry several times a minute.
> >
> > "User domain\lshauf was denied access.
> > Fully-Qualified-User-Name = domain\lshauf
> > NAS-IP-Address = 10.25.1.2
> > NAS-Identifier = NBF_AP1
> > Called-Station-Identifier = 0012.00d6.e5b0
> > Calling-Station-Identifier = 000e.354c.fe9c
> > Client-Friendly-Name = NBF_AP1
> > Client-IP-Address = 10.25.1.2
> > NAS-Port-Type = Wireless - IEEE 802.11
> > NAS-Port = 186579
> > Proxy-Policy-Name = Wireless
> > Authentication-Provider = Windows
> > Authentication-Server = <undetermined>
> > Policy-Name = <undetermined>
> > Authentication-Type = EAP
> > EAP-Type = <undetermined>
> > Reason-Code = 48
> > Reason = The connection attempt did not match any remote access policy. "
> >
> > After a bunch of these entries in the system log the user gets
> > re-aunthenticated. It can happen a few times a day to several time a day.
> > It
> > happens in all our branches.
> >
>
>
>
- Next message: Mike Adams: "Re: RADIUS does it really work?"
- Previous message: barry: "Re: WLAN + WPA + RADIUS"
- In reply to: Mark Gamache: "Re: Re-Authentication Woes"
- Next in thread: Mark Gamache: "Re: Re-Authentication Woes"
- Reply: Mark Gamache: "Re: Re-Authentication Woes"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
