802.1x MD5-Challenge authenticated failure


Post by TWljaGFlbC » Sat, 23 Aug 2008 11:44:00



I have installed IAS Server on Windows 2003 R2 Standard for 802.1x wired
authentication on D-Link DES-1228 switches. I want to perform MD5-Challenge for
AD users rather than PEAP. Our AD is Windows 2003. Clients are Windows XP SP2 or
later. I am puzzled why NAS-Port-Type in the policy conditions was Ethernet, but
the IAS log shows Wireless - IEEE 802.11?
Here are the policy conditions:
NAS-Port-Type matches "Ethernet" AND Windows-Groups matches "ASIA\#CN - WUJ Radius"

The following is the IAS log detail:

The line logged into the file:

NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Record-Date : 08/21/2008
Record-Time : 14:38:59
Service-Name : IAS
Computer-Name : WUJNT009
NAS-IP-Address : 10.200.224.47
NAS-Port : 0
Called-Station-Id : 00-1C-F0-BD-C2-95
Calling-Station-Id : 00-03-25-58-80-10
Framed-MTU : 1300
NAS-Port-Type : Wireless - IEEE 802.11
Connect-Info : CONNECT 10/100Mbps
Client-IP-Address : 10.200.224.47
Client-Vendor : RADIUS Standard
Client-Friendly-Name: 2F HP LAB 224.47
Provider-Type : Windows
Proxy-Policy-Name : Use Windows authentication for all users
Class : 311 1 10.200.224.16 08/15/2008 07:22:12 10
SAM-Account-Name : ASIA\radius
Fully-Qualifed-User-Name: ASIA\radius
Authentication-Type : EAP
Packet-Type : Access-Request
Reason-Code : The operation completed successfully.



NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Record-Date : 08/21/2008
Record-Time : 14:38:59
Service-Name : IAS
Computer-Name : WUJNT009
Class : 311 1 10.200.224.16 08/15/2008 07:22:12 10
Authentication-Type : EAP
Fully-Qualifed-User-Name: ASIA\radius
SAM-Account-Name : ASIA\radius
Proxy-Policy-Name : Use Windows authentication for all users
Provider-Type : Windows
Client-Friendly-Name: 2F HP LAB 224.47
Client-Vendor : RADIUS Standard
Client-IP-Address : 10.200.224.47
Packet-Type : Access-Reject
Reason-Code : The connection attempt did not match any remote
access policy.
 
 
 


Post by S. Pidgorn » Sat, 30 Aug 2008 19:24:24

So there is a port type mismatch, because of which the access policy
doesn't apply...


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

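The mismatch described in the reply above can be read straight out of the log. The following is an added example, not part of the thread and not IAS's own code: it parses the key/value records quoted in the first post, pairs each Access-Reject with its Access-Request, and reports which policy condition the request failed. The names `parse_records` and `explain_rejects` and the regex treatment of `matches` are assumptions.

```python
import re

# Abridged copy of the two IAS records quoted in the first post.
SAMPLE_LOG = r"""NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
NAS-Port-Type : Wireless - IEEE 802.11
Packet-Type : Access-Request

NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Packet-Type : Access-Reject
Reason-Code : The connection attempt did not match any remote
access policy.
"""

# Loggable part of the first post's policy (Windows-Groups is not in the log).
# Assumption: "matches" is modelled as a case-insensitive regex search.
POLICY = {"NAS-Port-Type": "Ethernet"}
FIELD = re.compile(r"^([A-Za-z][A-Za-z-]*)\s*:\s?(.*)$")

def parse_records(text):
    """Split the log on blank lines into dicts, folding wrapped values."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, last = {}, None
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                rec[last] = m.group(2).strip()
            elif last and line.strip():
                rec[last] += " " + line.strip()  # wrapped continuation line
        records.append(rec)
    return records

def explain_rejects(text, policy):
    """List the policy conditions that each rejected request failed."""
    pending, findings = {}, []
    for rec in parse_records(text):
        key = (rec.get("NAS-IP-Address"), rec.get("User-Name"))
        if rec.get("Packet-Type") == "Access-Request":
            pending[key] = rec
        elif rec.get("Packet-Type") == "Access-Reject" and key in pending:
            req = pending.pop(key)
            for attr, wanted in policy.items():
                logged = req.get(attr, "")
                if not re.search(wanted, logged, re.IGNORECASE):
                    findings.append((key[1], attr, wanted, logged))
    return findings
```

Calling `explain_rejects(SAMPLE_LOG, POLICY)` returns one finding for `ASIA\radius`: the policy wants `Ethernet`, while the switch reported `Wireless - IEEE 802.11`.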

 
 
 


Post by TWljaGFlbC » Mon, 08 Sep 2008 01:39:10

I succeeded when I configured the remote access policy as wireless. My
question is why, when my RADIUS client is a wired switch, I must set the remote
access policy as wireless?

Thanks in advance!
 
 
 


Post by James McIl » Wed, 10 Sep 2008 05:44:29


Do not configure the remote access policy as wireless if you are deploying
a switch. If you do, the policy will not work.


James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.