Re: IAS and workgroup computers.

I am not sure what you want to do. IAS is accepting valid requests and is
rejecting invalid ones. What exactly is your problem? Do you want to somehow
stop the AP from sending you a notification when this happens?

"Guy Melamed" <guy.melamed@xxxxxxxxxxxxxx> wrote in message
news:62F7C238-3372-40BE-91E6-FD206EE29C91@xxxxxxxxxxxxxxxx
Hi,

I have setup a IAS on my Windows 2003 SP1 domain controller.
I configured the IAS with a policy that grants wireless access to PEAP
protocol with mschap v2 and a certificate.
The policy and the wireless works fine for computers in my domain.
When workgroup computers try to access the wireless AP, the IAS sees that
it
cannot authenticate the credentials, and send a reject for the
authentication
request (I can see it in the event viewer).
As a result, my AP sends me a notification that the radius server is not
responding.
I have tried to add a policy in the IAS, that denies access to all
authentication methods and but that did not help. I still get the same
behaviour.
I even tried to set a policy that denies all ("*") NAS-Identifiers, but
thid
didn't help either.

Here is an example of the event:

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 09/01/2007
Time: 12:43:45
User: N/A
Computer: XXXXXX
Description:
Access request for user XXXX\XXXX was discarded.
Fully-Qualified-User-Name = XXXX\XXXX
NAS-IP-Address = XXX.XXX.XXX.XXX
NAS-Identifier = AP_FL7_E
Called-Station-Identifier = 0011.932e.6d61
Calling-Station-Identifier = 0013.ce50.28e3
Client-Friendly-Name = A.P - FL7 E
Client-IP-Address = XXX.XXX.XXX.XXX
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 38993
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 5
Reason = The user account domain cannot be accessed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....


Does anyone know how can I configure the IAS to reject these
authentication
requests?

Reagrds,

--
Guy Melamed
MCSE: Messgaing (2000/2003)



.

Relevant Pages

  • Re: Machine Authentication not working with wireless clients and I
    ... Guys, are you saying that to do Machine Auth over PEAP-MSCHAPV2, IAS needs to ... The account used is a computer account. ... authentication, just the same error as before, about invalid account. ... What I would do is create a group of wireless enabled computers. ...
    (microsoft.public.internet.radius)
  • Re: IAS and workgroup computers.
    ... IAS can return three responds to authentication equests: ... In this case IAS drops the request, but I would like it to reject it. ... The policy and the wireless works fine for computers in my domain. ...
    (microsoft.public.windows.server.networking)
  • Re: IAS and workgroup computers.
    ... IAS can return three responds to authentication equests: ... In this case IAS drops the request, but I would like it to reject it. ... The policy and the wireless works fine for computers in my domain. ...
    (microsoft.public.windows.server.networking)
  • Re: Problem with IAS and DCOM
    ... I can see an incorrect setting making authentication fail, but I have not seen an instance where an IAS login failure crashed other services. ... Check to make sure that all your security settings match throughout the configuration - on the client PC, the WAP, and the server. ... If these are domain-joined client PCs, authenticating the computers gives you a number of benefits based on the fact that the computer can authenticate without a user login. ...
    (microsoft.public.windows.server.sbs)
  • Re: Vendor Specific Accounting with IAS?
    ... I have an IAS server on Windows 2003 Server. ... rejecting those accounting requests as unknown value types and not ...
    (microsoft.public.internet.radius)
Loading