PEAP with MS-CHAPv2 authentication on IAS

---

• From: "Ed" <ed.posch@xxxxxxxxx>
• Date: 7 Mar 2006 01:32:34 -0800

---

Hi!

I want to set up RADIUS Authentication with PEAP and MS-CHAPv2 with an
IAS. The IAS is running on a Windows 2000 Server with SP4 and my
Clients are Windows XP with SP2. The Switch I'm using is a 3Com
Superstack 3848.
My problem is, that the Autentication isn't running correctly. The IAS
throws the following Error in the Eventlog:

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 3/3/2006
Time: 09:59:29
User: N/A
Computer: ********
Description:
Access request for user "DOMAIN\user" was discarded.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 172.21.0.22
NAS-Identifier = NW-TOP1/30
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = testswitch
Client-IP-Address = 172.21.0.22
NAS-Port-Type = Ethernet
NAS-Port = 13
Reason-Code = 97
Reason = The authentication request was dropped because it contained
an unexpected packet.

I was looking everywhere and couldn't find an answer to my problem. I
also protocolled the Traffic between the RADIUS and the switch and the
package type the Switch is sending (when sending the Identity) is
"Identity [RFC3748]" and the Access Challenge from the RADIUS is "PEAP
[Palekar]". I don't know if this has anything to do with my problem,
but maybe anyone can help me.

Thx in advance,
Ed

.

---

• Follow-Ups:
  • Re: PEAP with MS-CHAPv2 authentication on IAS
    • From: Ed

• Prev by Date: Multiple values in one policy condition?
• Next by Date: Re: Dummies Guide for RADIUS/Certs
• Previous by thread: Multiple values in one policy condition?
• Next by thread: Re: PEAP with MS-CHAPv2 authentication on IAS
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: 802.1x Authentication ... I have a switch Catalyst ... Log in IAS indicate "signature attribute is not ... Because the documentation of Cisco say this switch use EAPOL ... MVP - Windows Networking ... (microsoft.public.windowsxp.network_web) Re: 802.1x log off? ... windows does not send a log-off to IAS, but its 802.1x EAP state machine ... > I presumed that windows would send an EAP-logoff message to the IAS server ... > the IAS server using the 'xp balloon' on the bottom of the screen. ... (microsoft.public.internet.radius) Re: IAS 2003 Connection Request Policies ... why should Microsoft IAS be so difficult? ... for Linux and Radiator for Windows) and they are very inexpensive. ... > not referred to as authentication since MAC address is public information ... > connect as a Windows guest account. ... (microsoft.public.internet.radius) Re: IAS issues ... I was wondering if anyone has run into any issues with SP1 for windows ... Windows 2003 IAS ... "A LDAP connection with domain controller server.test.com for domain ... I asked the product team to review your problem and this is their response: ... (microsoft.public.internet.radius) Re: Proxy IAS on Windows 2003 ... Windows 2003 IAS has the ability to proxy and load balance. ... > Can I implement a Proxy radius on a Windows 2003> server, to connect IAS servers on Windows 2000 DCs on each> forest? ... (microsoft.public.internet.radius)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)