Why IAS gets stuck on authenticating PEAP (MS-CHAP2) clients


From: Velio Ivanov (v.ivanov_at_cwn-berlin.com)
Date: 02/11/05

Date: Fri, 11 Feb 2005 11:34:52 +0100


    Hi there,

    We are trying to implement PEAP (MS-CHAP2) security authentication using IAS
    on Win 2003 (Enterprise Edition), Win XP clients and Cisco 1200 Aironet.

    On Win 2003 we have DNS, AD, CA and IAS (RADIUS). We don't use
    DHCP because our clients have public, static IPs.

    When we try to connect to the network we constantly get stuck on the
    authentication process. There is no log at all in the Win 2003 Event Log -
    neither success nor failure.

    We have enabled RAS tracing to get more information, but it is still
    not clear what is wrong. It seems like IAS has authenticated the user and a
    session has been created, but at that point authentication gets stuck.

    Any help will be greatly appreciated!

    Here is a sequence from the iassam log file (the blank lines between are for
    convenience):

    [3068] 02-11 10:55:20:109: NT-SAM Names handler received request with user identity adam.smith.
    [3068] 02-11 10:55:20:109: Prepending default domain.
    [3068] 02-11 10:55:20:109: NameMapper::prependDefaultDomain
    [3068] 02-11 10:55:20:109: SAM-Account-Name is "MyDomain\MyUser".
    [3068] 02-11 10:55:20:109: NT-SAM Authentication handler received request for MyDomain\MyUser.
    [3068] 02-11 10:55:20:109: Validating Windows account MyDomain\MyUser.
    [3068] 02-11 10:55:20:109: Sending LDAP search to MyComputer.MyDomain.com.
    [3068] 02-11 10:55:20:109: Successfully validated account.
    [3068] 02-11 10:55:20:109: NT-SAM EAP handler received request.
    [3068] 02-11 10:55:20:109: No State attribute present. Creating new session.
    [3068] 02-11 10:55:20:109: Allowed EAP type: 25
    [3068] 02-11 10:55:20:109: Successfully created new EAP session for user MyDomain\MyUser.
    [3068] 02-11 10:55:20:109: Setting max. packet length to 1396.
    [3068] 02-11 10:55:20:125: Processing output from EAP DLL.
    [3068] 02-11 10:55:20:125: Inserting outbound EAP-Message of length 6.
    [3068] 02-11 10:55:20:125: Issuing Access-Challenge.

    [396] 02-11 10:55:24:203: NT-SAM Names handler received request with user identity adam.smith.
    [396] 02-11 10:55:24:203: Prepending default domain.
    [396] 02-11 10:55:24:203: NameMapper::prependDefaultDomain
    [396] 02-11 10:55:24:203: SAM-Account-Name is "MyDomain\MyUser".
    [396] 02-11 10:55:24:203: NT-SAM Authentication handler received request for MyDomain\MyUser.
    [396] 02-11 10:55:24:203: Validating Windows account MyDomain\MyUser.
    [396] 02-11 10:55:24:203: Sending LDAP search to MyComputer.MyDomain.com.
    [396] 02-11 10:55:24:203: Successfully validated account.
    [396] 02-11 10:55:24:203: NT-SAM EAP handler received request.
    [396] 02-11 10:55:24:203: No State attribute present. Creating new session.
    [396] 02-11 10:55:24:203: Allowed EAP type: 25
    [396] 02-11 10:55:24:203: Successfully created new EAP session for user MyDomain\MyUser.
    [396] 02-11 10:55:24:203: Setting max. packet length to 1396.
    [396] 02-11 10:55:24:218: Processing output from EAP DLL.
    [396] 02-11 10:55:24:218: Inserting outbound EAP-Message of length 6.
    [396] 02-11 10:55:24:218: Issuing Access-Challenge.

    [3068] 02-11 10:55:28:359: NT-SAM Names handler received request with user identity adam.smith.
    [3068] 02-11 10:55:28:359: Prepending default domain.
    [3068] 02-11 10:55:28:359: NameMapper::prependDefaultDomain
    [3068] 02-11 10:55:28:359: SAM-Account-Name is "MyDomain\MyUser".
    [3068] 02-11 10:55:28:359: NT-SAM Authentication handler received request for MyDomain\MyUser.
    [3068] 02-11 10:55:28:359: Validating Windows account MyDomain\MyUser.
    [3068] 02-11 10:55:28:359: Sending LDAP search to MyComputer.MyDomain.com.
    [3068] 02-11 10:55:28:375: Successfully validated account.
    [3068] 02-11 10:55:28:375: NT-SAM EAP handler received request.
    [3068] 02-11 10:55:28:375: No State attribute present. Creating new session.
    [3068] 02-11 10:55:28:375: Allowed EAP type: 25
    [3068] 02-11 10:55:28:375: Successfully created new EAP session for user MyDomain\MyUser.
    [3068] 02-11 10:55:28:375: Setting max. packet length to 1396.
    [3068] 02-11 10:55:28:375: Processing output from EAP DLL.
    [3068] 02-11 10:55:28:375: Inserting outbound EAP-Message of length 6.
    [3068] 02-11 10:55:28:375: Issuing Access-Challenge.
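As an added illustration (not part of the original post, and not IAS code), the script below parses the iassam trace format quoted above and flags users whose requests all arrive with no State attribute and therefore only ever draw the first Access-Challenge. The sample lines are a constructed, condensed copy of the trace above.

```python
import re
from collections import defaultdict

# Constructed sample: a condensed copy of the iassam trace quoted above,
# with the wrapped "user identity" lines rejoined onto one line.
SAMPLE_LOG = """\
[3068] 02-11 10:55:20:109: NT-SAM Names handler received request with user identity adam.smith.
[3068] 02-11 10:55:20:109: No State attribute present. Creating new session.
[3068] 02-11 10:55:20:125: Issuing Access-Challenge.
[396] 02-11 10:55:24:203: NT-SAM Names handler received request with user identity adam.smith.
[396] 02-11 10:55:24:203: No State attribute present. Creating new session.
[396] 02-11 10:55:24:218: Issuing Access-Challenge.
[3068] 02-11 10:55:28:359: NT-SAM Names handler received request with user identity adam.smith.
[3068] 02-11 10:55:28:359: No State attribute present. Creating new session.
[3068] 02-11 10:55:28:375: Issuing Access-Challenge.
"""

LINE_RE = re.compile(r"^\[(\d+)\] (\d\d-\d\d \d\d:\d\d:\d\d:\d{3}): (.*)$")  # [thread] MM-DD HH:MM:SS:mmm: msg

def parse(text):
    """Yield (thread, timestamp, message) for every well-formed trace line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def analyse(text):
    """Split the trace into requests (one per 'Names handler' line); note whether each started a new EAP session and how IAS answered."""
    requests, cur = [], None
    for _thread, ts, msg in parse(text):
        m = re.search(r"user identity (\S+)\.$", msg)
        if m:
            cur = {"user": m.group(1), "time": ts, "new_session": False, "result": None}
            requests.append(cur)
        elif cur is None:
            continue  # lines before the first request header carry no context
        elif msg.startswith("No State attribute present"):
            cur["new_session"] = True
        elif msg.startswith("Issuing Access-"):
            cur["result"] = msg[len("Issuing "):].rstrip(".")
    return requests

def stuck_users(requests):
    """Users whose every request lacked a State attribute (EAP restarted each time) and only ever got Access-Challenge back."""
    by_user = defaultdict(list)
    for r in requests:
        by_user[r["user"]].append(r)
    return sorted(u for u, rs in by_user.items()
                  if len(rs) > 1 and all(r["new_session"] for r in rs)
                  and {r["result"] for r in rs} == {"Access-Challenge"})
```

Every request in the trace above arriving without a State attribute means IAS cannot tie it to the conversation it opened with the previous Access-Challenge, so the EAP exchange starts over each time instead of advancing.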
