Re: IAS server and access points

---

• From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 14 Aug 2007 13:24:31 -0700

---

=?Utf-8?B?R2FyeUFTRw==?= <GaryASG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:5C745148-BAF6-4650-9DA8-C2B63820C71F@xxxxxxxxxxxxx:

I am having a problem with some access points that are 802.1x capable.
I use PEAP and passwords to authenticate wireless clients. Some access
points work fine with IAS others can only authenticate the users as
they login they do not authenticate the computers before login. This
prevents our login script from running. The computers can authenticate
once the user is logged in but this is too late.
I get an occassional message on my IAS server that says "A RADIUS
message with the Code field set to 2, which is not valid, was received
on port 1812 from RADIUS client "access point name." This also appears
with code field 4 & 5. I frequently get no message at all.
This has happened with 3com, netgear, dlink and linksys access points.
It also varies with firmware on some accesss points i.e. old firmware
works new firmware does not. Is this just a problem with the access
points or could it be my network/IAS setup?
Any help gratefully received

If the access points are sending RADIUS messages with invalid values for
the code field, there is nothing wrong with your setup -- as you have
noted, IAS will reject messages with invalid values.

Without implying that the APs you are using are not compliant with the
RADIUS protocol/RFC's, I can say that whatever APs you're using must be
compliant with the RADIUS protocol and RFCs, and if you're having problems
with APs you should definitely contact the AP vendor.

As for logon scripts running, do you have all clients configured to
validate the IAS server? (Can't remember the name of this control on the
client, I think it is probably "Validate server certificate")

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
.

---

• Follow-Ups:
  • Re: IAS server and access points
    • From: GaryASG

• Prev by Date: Re: Adding certificate to list of PEAP certificates
• Next by Date: Re: Accessing client-friendly-name from IAS extension dll
• Previous by thread: Re: Adding certificate to list of PEAP certificates
• Next by thread: Re: IAS server and access points
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: 802.1x authentication for wireless issues w/ ISA 2004 ... The do support WPA-EAP and the radius ... authenticate the computer and this is trying to authenticate the user and not ... If you can post perhaps 10 lines from the IAS log, ... represent my IAS server or the client laptops. ... (microsoft.public.windows.server.sbs) RE: How do I install & set up RADIUS? ... IAS is a server enable you to ... you configure a user can log in via VPN and the authenticate ... The initila use of RADIUS has just been clarified for me. ... How do I install & set up RADIUS? ... (microsoft.public.windows.server.general) Re: 802.1x authentication for wireless issues w/ ISA 2004 ... If you can post perhaps 10 lines from the IAS log, ... It states to use windows to authenticate all ... If i turn the radius setting ... (microsoft.public.windows.server.sbs) Re: help in using IAS as RADIUS Server ... Almost all Radius compliant clients are supported in IAS, ... > standard edition as RADIUS Server ... (microsoft.public.internet.radius) Re: IAS with Wireless in AD Network ... > You need to add your access point as a RADIUS client in IAS. ... Don't the clients need to be at least ... XP has the required dialog boxes for configuring ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2007-08