Windows 2000 IAS doesn't reject null User-Name

Windows 2000 IAS doesn't reject null User-Name

Post by Q2hhZCBTdH » Sat, 28 Apr 2007 01:24:04


We have 68 HP AP530 access points configured with WPA-802.1x. They use two
dedicated Windows 2000 IAS servers for RADIUS. The domain controllers are
Windows 2003 and the clients are Windows XP Pro SP2 using WZC.
Authentication is PEAP-MS-CHAP V2. The configuration profile is pushed out
to clients with a GPO.

I have a problem with how the IAS servers process Access-Request messages
with null User-Name. Although I have entered a Default User-Name in the
registry, the servers ignore that entry and try to perform name cracking with
the null User-Name. (Naturally, it fails misserably because no one has an
account with a null User-Name.)

Questions:
1. Is there a way to make the IAS servers either reject the requests with
null User-Names or replace the null User-Name with the Default User-Name?
2. Does IAS in Windows Server 2003 handle null User-Names better?