Re: IAS and workgroup computers.
- From: "Bill Grant" <not.available@online>
- Date: Fri, 12 Jan 2007 11:00:03 +1100
I am not aware of it being a known issue.
"Guy Melamed" <guy.melamed@xxxxxxxxxxxxxx> wrote in message
news:41644BF7-8022-40AD-81DD-B8A59D9C136C@xxxxxxxxxxxxxxxx
Hi Bill,
Do you know if this is a known issue that already has a fix?
Kind regards,
--
Guy Melamed
MCSE: Messgaing (2000/2003)
"Bill Grant" wrote:
I suspect you will need to contact Microsoft PSS to get a fix for this.
"Bill Grant" <not.available@online> wrote in message
news:%23zrnXeJNHHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
Yes, I now understand what you want it to do. I don't have an answer.
My
guess is that the because PEAP authentication fails, the IAS server
does
not set up a communication link to the AP, so it cannot send back the
error code. It just sends a reject.
"Guy Melamed" <guy.melamed@xxxxxxxxxxxxxx> wrote in message
news:95B702C6-1BFD-4420-801B-83FC60481BE3@xxxxxxxxxxxxxxxx
Hi Bill, and thank you for your reply.
IAS can return three responds to authentication equests: Accepet,
Reject
and
Drop.
In this case IAS drops the request, but I would like it to reject it.
Do you understand?
Thanks,
--
Guy Melamed
MCSE: Messgaing (2000/2003)
"Bill Grant" wrote:
I am not sure what you want to do. IAS is accepting valid requests
and is
rejecting invalid ones. What exactly is your problem? Do you want to
somehow
stop the AP from sending you a notification when this happens?
"Guy Melamed" <guy.melamed@xxxxxxxxxxxxxx> wrote in message
news:62F7C238-3372-40BE-91E6-FD206EE29C91@xxxxxxxxxxxxxxxx
Hi,
I have setup a IAS on my Windows 2003 SP1 domain controller.
I configured the IAS with a policy that grants wireless access to
PEAP
protocol with mschap v2 and a certificate.
The policy and the wireless works fine for computers in my domain.
When workgroup computers try to access the wireless AP, the IAS
sees
that
it
cannot authenticate the credentials, and send a reject for the
authentication
request (I can see it in the event viewer).
As a result, my AP sends me a notification that the radius server
is
not
responding.
I have tried to add a policy in the IAS, that denies access to all
authentication methods and but that did not help. I still get the
same
behaviour.
I even tried to set a policy that denies all ("*") NAS-Identifiers,
but
thid
didn't help either.
Here is an example of the event:
Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 09/01/2007
Time: 12:43:45
User: N/A
Computer: XXXXXX
Description:
Access request for user XXXX\XXXX was discarded.
Fully-Qualified-User-Name = XXXX\XXXX
NAS-IP-Address = XXX.XXX.XXX.XXX
NAS-Identifier = AP_FL7_E
Called-Station-Identifier = 0011.932e.6d61
Calling-Station-Identifier = 0013.ce50.28e3
Client-Friendly-Name = A.P - FL7 E
Client-IP-Address = XXX.XXX.XXX.XXX
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 38993
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 5
Reason = The user account domain cannot be accessed.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
Does anyone know how can I configure the IAS to reject these
authentication
requests?
Reagrds,
--
Guy Melamed
MCSE: Messgaing (2000/2003)
.
- References:
- Re: IAS and workgroup computers.
- From: Bill Grant
- Re: IAS and workgroup computers.
- From: Guy Melamed
- Re: IAS and workgroup computers.
- From: Bill Grant
- Re: IAS and workgroup computers.
- From: Bill Grant
- Re: IAS and workgroup computers.
- From: Guy Melamed
- Re: IAS and workgroup computers.
- Prev by Date: EPMAP Connections
- Next by Date: RE: 2 domains communicating but not resloving names
- Previous by thread: Re: IAS and workgroup computers.
- Next by thread: Windows 2k Server Domain Probs
- Index(es):
Relevant Pages
|
Loading
