WLAN authentication sometimes fails



I have a problem that I have been struggling with for many days now. I have set up a wireless network in our office. The configuration looks like this:

* 1 Cisco Aironet 1242 access point
WPA/TKIP
Authenticating with a RADIUS server (IAS) on the same subnet

* 1 Windows Server 2003 R2, Domain Controller and running IAS
Access policy set up using the wizard for wireless access to all within a specific group
Enabled authentication for MS-CHAP v2 and EAP method PEAP
Selected a valid SSL-wildcard-cert for the server under PEAP-settings and added EAP-MSCHAP v2 as "EAP Type"
All encryption methods accepted except "No encryption"

* 1 Windows XP SP2 that is not a member of the domain. Wireless configuration, WPA, TKIP, PEAP and unchecked "use windows default logon"

I set up a connection using Windows Wireless configuration and it works; I get a pop-up bubble asking for credentials and I can log in. Then I try to add another user to AD and add it to the group "Wireless users" but he cannot connect. The IAS log says:

User DOMAIN\johndoe was denied access.
Fully-Qualified-User-Name = DOMAIN.local/MyOu/John Doe
NAS-IP-Address = 192.168.128.210
NAS-Identifier = br01
Called-Station-Identifier = 0014.1b60.8740
Calling-Station-Identifier = 0013.cea3.072f
Client-Friendly-Name = br01
Client-IP-Address = 192.168.128.210
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 516
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless intranet access
Authentication-Type = PEAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

This user can log in to a computer in the domain so there's nothing wrong with his account. He cannot connect using the wireless connection on my computer, which worked before with my user, and he cannot connect on another computer. And a very annoying thing is that I cannot use my normal user to connect once I have tried to connect with the newly created user account.

And while I'm working on this mess I have a colleague that can connect and another that cannot connect.

It feels like the problem lies on the IAS side because my PC can connect with one user but not the other one. All requests go to the IAS server and get either accepted or rejected. All "invalid" rejections seem to have the same Reason as above, which is not true. The username exists and the password is correct.

Any help would be very much appreciated.

/Linus
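
An added example (not part of the original post, and not Microsoft tooling): a parser for IAS event text in the layout quoted above, grouping outcomes by account and by client MAC to show whether denials follow the user or the machine. The sample events, the account `alice` and the second MAC address are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed events in the layout of the IAS entry quoted in the post. The
# account "alice" and the second client MAC are made up; the fused
# "EAP-Type ... Reason-Code" line covers logs pasted with fields run together.
SAMPLE = r"""User DOMAIN\alice was granted access.
Calling-Station-Identifier = 0013.cea3.072f
Authentication-Type = PEAP

User DOMAIN\johndoe was denied access.
Calling-Station-Identifier = 0013.cea3.072f
Authentication-Type = PEAP
EAP-Type = <undetermined> Reason-Code = 16

User DOMAIN\johndoe was denied access.
Calling-Station-Identifier = 0013.cea3.0aaa
NAS-Port-Type = Wireless - IEEE 802.11
EAP-Type = <undetermined> Reason-Code = 16
"""

HEADER = re.compile(r"^User (.+?) was (granted|denied) access", re.M)
# "Key = value" pairs; a value ends at the next " Key = " or at end of line.
FIELD = re.compile(r"([A-Z][\w-]*) = (.*?)(?=\s+[A-Z][\w-]* = |$)", re.M)

def parse_events(text):
    """Split the log into events and return one dict per event."""
    events = []
    for chunk in re.split(r"(?m)^(?=User .+ was (?:granted|denied) access)", text):
        head = HEADER.search(chunk)
        if not head:
            continue
        event = {"User": head.group(1), "Outcome": head.group(2)}
        event.update(FIELD.findall(chunk))
        events.append(event)
    return events

def outcomes_by(events, key):
    """Map each value of `key` (e.g. user or client MAC) to its set of outcomes."""
    seen = defaultdict(set)
    for e in events:
        seen[e.get(key, "?")].add(e["Outcome"])
    return dict(seen)

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    print("by user:   ", outcomes_by(evs, "User"))
    print("by client: ", outcomes_by(evs, "Calling-Station-Identifier"))
```

A client MAC that shows both `granted` and `denied` while one account shows only `denied` points at the account or the server-side policy rather than the wireless client.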

