Machine Authentication not working with wireless clients and IAS
- From: Jeremy <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Feb 2007 14:36:01 -0800
Good Day,
Hopefully someone can help me with this, as it's driving me crazy. My
test scenario is this:
Windows XP SP2 PC connecting to a wireless network provided by our Aruba
network controller, which communicates with an IAS server via RADIUS. The
IAS server is also a domain controller in our Windows 2003 domain, the same
domain that the PC is a member of.
Wireless settings are WPA/TKIP, with PEAP for authentication. We also have
a PKI infrastructure and a certificate assigned to, and installed on, the IAS
server. The same root is trusted on the PC.
With all this set up, I can log in to the PC and authenticate perfectly, via
the user account. However, as soon as I log out I receive event log errors
about the Machine account not working, as such:
User host/houitlpwpatest.corpprep.avzprep.net was denied access.
Fully-Qualified-User-Name = CORPPREP\HOUITLPWPATEST$
NAS-IP-Address = 192.168.10.249
NAS-Identifier = <not present>
Called-Station-Identifier = 000B86029500
Calling-Station-Identifier = 00054E4BD816
Client-Friendly-Name = Aruba
Client-IP-Address = 192.168.10.249
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or
incorrect password was used.
I've turned on IAS logging, and the following entry appears in the
IASSAM.log file:
[752] 02-02 16:08:08:948: NT-SAM Names handler received request with user
identity host/houitlpwpatest.corpprep.avzprep.net.
[752] 02-02 16:08:08:964: Successfully cracked username.
[752] 02-02 16:08:08:964: SAM-Account-Name is "CORPPREP\HOUITLPWPATEST$".
[752] 02-02 16:08:08:964: NT-SAM Authentication handler received request for
CORPPREP\HOUITLPWPATEST$.
[752] 02-02 16:08:08:964: Processing MS-CHAP v2 authentication.
[752] 02-02 16:08:08:964: LogonUser failed: The account used is a computer
account. Use your global user account or local user account to access this
server.
And that's pretty much where I'm stuck. I think I included everything I
know so far; if there's anything that I've left out or was unclear about,
please let me know. Thanks in advance!
Jeremy
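Added example (not part of the original post): a Python parser for IASSAM.log entries in the format quoted above. It groups entries per request and reports computer-account logons that LogonUser rejected. It assumes each entry occupies one physical line and that the bracketed number identifies the request; the [760] entries in the sample are constructed for contrast.

```python
import re

# Constructed sample: the [752] entries are the post's IASSAM.log excerpt with
# wrapped lines rejoined; the [760] entries are invented for contrast.
SAMPLE_LOG = """\
[752] 02-02 16:08:08:948: NT-SAM Names handler received request with user identity host/houitlpwpatest.corpprep.avzprep.net.
[752] 02-02 16:08:08:964: Successfully cracked username.
[752] 02-02 16:08:08:964: SAM-Account-Name is "CORPPREP\\HOUITLPWPATEST$".
[752] 02-02 16:08:08:964: NT-SAM Authentication handler received request for CORPPREP\\HOUITLPWPATEST$.
[752] 02-02 16:08:08:964: Processing MS-CHAP v2 authentication.
[752] 02-02 16:08:08:964: LogonUser failed: The account used is a computer account. Use your global user account or local user account to access this server.
[760] 02-02 16:09:10:100: NT-SAM Names handler received request with user identity CORPPREP\\exampleuser.
[760] 02-02 16:09:10:110: SAM-Account-Name is "CORPPREP\\exampleuser".
"""

ENTRY = re.compile(r"^\[(\d+)\] (\d\d-\d\d \d\d:\d\d:\d\d:\d{3}): (.*)$")
FIELDS = {
    "sam_name": re.compile(r'^SAM-Account-Name is "([^"]+)"'),
    "method": re.compile(r"^Processing (.+) authentication\.$"),
    "logon_error": re.compile(r"^LogonUser failed: (.*)$"),
}
START = re.compile(r"^NT-SAM Names handler received request with user identity (\S+?)\.?$")

def parse_requests(text):
    """Group entries into requests, keyed by the bracketed number (assumed per request)."""
    requests, current = [], {}
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        key, stamp, msg = entry.groups()
        start = START.match(msg)
        if start:
            current[key] = {"key": key, "started": stamp, "identity": start.group(1)}
            requests.append(current[key])
        elif key in current:
            for field, pattern in FIELDS.items():
                hit = pattern.match(msg)
                if hit:
                    current[key][field] = hit.group(1)
    return requests

def rejected_machine_logons(requests):
    # A trailing "$" on the SAM name marks a computer account.
    return [r for r in requests if r.get("sam_name", "").endswith("$") and "logon_error" in r]

if __name__ == "__main__":
    for r in rejected_machine_logons(parse_requests(SAMPLE_LOG)):
        print(r["started"], r["sam_name"], r["method"], "->", r["logon_error"])
```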