Re: PEAP auth with Verisign

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 02/16/05 

Date: Tue, 15 Feb 2005 20:50:06 -0800

Looks like the username is not being cracked properly
Either the user name doesn't exist. or there are some additions to it that
are not allowing IAS to look it up in AD

Would it be possible to submit the tracing logs from ias (NETSH RAS SET
TRACING * EN) to enable tracing
Collect the logs from %windir%\tracing 

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no rights
      =============================================
"symbol123" <seranky@sj.symbol.com> wrote in message 
news:030401c508c1$f868df60$a401280a@phx.gbl...
>I purchased a Verisign Class 3 WLAN server certificate
> and installed it on the MS Win2k3 RADIUS server. I then
> setup a Remote Access policy in IAS to do PEAP auth using
> this certificate.
> From my PPC device, I try to connect to the PEAP-enabled
> WLAN. The requests are reaching the IAS server but the
> authentication seems to be failing. Attached are messages
> from the Windows Event Log.
> Could not retrieve the Remote Access Server's certificate
> due to the  following error: The credentials supplied to
> the package were not recognized
>
> Access request for user RDEAP\test was discarded.
> Fully-Qualified-User-Name = <undetermined>
> NAS-IP-Address = 10.11.3.10
> NAS-Identifier = Symbol Access Point
> Called-Station-Identifier = 00a0f8b0aa65
> Calling-Station-Identifier = 00a0f8635eac
> Client-Friendly-Name = Symbol AP
> Client-IP-Address = 10.11.3.10
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 29
> Proxy-Policy-Name = <none>
> Authentication-Provider = <undetermined>
> Authentication-Server = <undetermined>
> Reason-Code = 1
> Reason = An internal error occurred. Check the system
> event log for additional information.
>
> The whole setup works if I use a server root certificate
> generated by IAS and copy it onto the PPC device and
> connect to the PEAP WLAN network.
>
> any thoughts on getting it work with a 3rd party CA cert ?

Relevant Pages

  • Re: Does WINDOWS 2003 IAS require Certificate services
    ... For PEAP, a server certificate is required. ... >>> PEAP _requires_ a server certificate on the IAS server. ...
    (microsoft.public.internet.radius)
  • Re: Remote access policy
    ... certificate and server certificate .I want to connect the wireless XP ... There is a Help topic in IAS Help that tells the minimum server cert ... This is correct -- the Help topic is "Network access authentication and ...
    (microsoft.public.internet.radius)
  • Enabling guest wi-fi access w/ IAS & Cisco APs ... ?
    ... user certificates deployed with Certificate Server. ... Enterprise root and subordinate certificate servers, built the IAS ... The problem we are running into is trying to setup the guest access ...
    (microsoft.public.internet.radius)
  • Re: IAS with PEAP and Airespace (now Cisco 1000)
    ... For what it's worth, we also tried using EAP-TLS (I changed the IAS, created ... >> I've gone over our configuration many times, ... > or they do not trust the CA that issued the server certificate to the IAS ...
    (microsoft.public.internet.radius)
  • Re: IAS Certificate Error
    ... >> RADIUS server ... >> I have bought a VERISGN certificate and installed it on the IAS ... click Edit Profile, then Authentication tab, then ...
    (microsoft.public.internet.radius)
Loading