Re: access request is discarded



Hi,

We just found a relevant Knowledge Base article on Microsoft.com
(posted three days ago!):

Windows Server 2003-based IAS servers do not send "access reject"
packets to IAS clients when the clients use unknown domain names in
authentication requests
http://support.microsoft.com/kb/946813

We just opened a call at Microsoft to obtain this patch.

Greetings,
Stijn.


On 6 mrt, 15:14, stijn.cald...@xxxxxxxxx wrote:
Hi,

We see that access requests of workgroup laptops are discarded when
trying to authenticate with a local machine user. We would like if the
packets were explicitly denied, because after a few dropped packets
the wireless controller supposes that the RADIUS server is down.
Requests of well-configured laptops with good requests (by domain
users) are accepted without any trouble. Hereunder you find two
examples, one of a discarded access request, one of an accepted access
request.
We are using two IAS radius servers with Windows Server 2003 SP2 and
domain controller functionality installed upon.
Any suggestion?

Many thanks,
Stijn Calders

Discarded access request:
Event Type:     Error
Event Source:   IAS
Event Category: None
Event ID:       3
Date:           6/03/2008
Time:           14:29:26
User:           N/A
Computer:       <radius server>
Description:
Access request for user TESTLAPHSD01\Administrator was discarded.
 Fully-Qualified-User-Name = TESTLAPHSD01\Administrator
 NAS-IP-Address = <wlan controller ip address>
 NAS-Identifier = <nas identifier>
 Called-Station-Identifier = <mac address>:<ssid>
 Calling-Station-Identifier = 00-15-00-4A-3B-86
 Client-Friendly-Name = <client friendly name>
 Client-IP-Address = 10.113.49.1
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = Accept all
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Reason-Code = 5
 Reason = The user account domain cannot be accessed.

For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....

Accepted access request:
Event Type:     Information
Event Source:   IAS
Event Category: None
Event ID:       1
Date:           6/03/2008
Time:           14:29:20
User:           N/A
Computer:       <ias server>
Description:
User student\xx was granted access.
 Fully-Qualified-User-Name = student.kdg.be/xx
 NAS-IP-Address = <nas ip address>
 NAS-Identifier = <nas identifier>
 Client-Friendly-Name = <client friendly name>
 Client-IP-Address = <client ip address>
 Calling-Station-Identifier = 00-13-CE-7D-1D-A7
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = IAS Student Through NT Style
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow student users on KdG_Student
 Authentication-Type = PEAP
 EAP-Type = Secured password (EAP-MSCHAP v2)

For more information, see Help and Support Center athttp://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....

.



Relevant Pages