Re: Wireless Re-Authentication
From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 02/16/05
- Next message: Sam Salhi [MSFT]: "Re: PEAP auth with Verisign"
- Previous message: Sam Salhi [MSFT]: "Re: Successful Authentication but NO IP Assignment"
- In reply to: Tmccabe: "Wireless Re-Authentication"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 15 Feb 2005 20:47:02 -0800
Change the policy to something like windows groups and see what happens. If
the problem goes away. I would contact the AP manufacturer to see why
they're not sending the right nas-port-type in their Radius requests to the
server
--
=============================================
This posting is provided "AS IS" with no warranties, and confers no rights
=============================================
"Tmccabe" <Tmccabe@discussions.microsoft.com> wrote in message
news:C080BC69-902C-474F-ADEE-CF04711D9490@microsoft.com...
>I have an issue where my users get their wieless connection dropped and the
> icon inthe tray will say "re-authenticating" or similar. I have a slew of
> system event log errors on my IAS server - 2 different types listed below.
> ----
> User FARM\lshauf was denied access.
> Fully-Qualified-User-Name = FARM\lshauf
> NAS-IP-Address = 10.25.1.2
> NAS-Identifier = NBF_AP1
> Called-Station-Identifier = 0012.00d6.e5b0
> Calling-Station-Identifier = 000e.354c.fe9c
> Client-Friendly-Name = NBF_AP1
> Client-IP-Address = 10.25.1.2
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 186579
> Proxy-Policy-Name = Wireless
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = <undetermined>
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 48
> Reason = The connection attempt did not match any remote access policy.
>
> ------------------
> Error Type 2
>
> Access request for user host/LON440L.fbc.internal was discarded.
> Fully-Qualified-User-Name = fbc.internal/LON/LONlaptop/LON440L
> NAS-IP-Address = 10.40.2.3
> NAS-Identifier = LON_AP1
> Called-Station-Identifier = 0012.80e1.ded0
> Calling-Station-Identifier = 000e.354c.ebd8
> Client-Friendly-Name = LON_AP1
> Client-IP-Address = 10.40.2.3
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 19231
> Proxy-Policy-Name = wireless
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Reason-Code = 97
> Reason = The authentication request was not processed because it contained
> a Remote Authentication Dial-In User Service (RADIUS) message that was not
> appropriate for the secure authentication transaction.
>
> -----
>
> my wireless policy on the IAS server is simple. You have to be part of the
> domain wireless user group which contains the users and the computers.
>
> The connection request policy in the IAS settings contains the NAS types
> 802.11 and "other" as the only attribues. Do I need more entries inthe
> connection request policy ?
>
> I cant think of what else I need to do to fix theis re-athentication
> issue.
> Any help would be greatly appreciated.
- Next message: Sam Salhi [MSFT]: "Re: PEAP auth with Verisign"
- Previous message: Sam Salhi [MSFT]: "Re: Successful Authentication but NO IP Assignment"
- In reply to: Tmccabe: "Wireless Re-Authentication"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
