+ Post New Thread
Results 1 to 8 of 8
Windows Server 2008 R2 Thread, NPS/Radius authentication with wireless clients using 2008 R2 in Technical; Hi Has anyone managed to get RADIUS to work on 2008 with an Extricom wireless system? I am trying to ...
  1. #1
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    730
    Thank Post
    98
    Thanked 42 Times in 32 Posts
    Rep Power
    25

    NPS/Radius authentication with wireless clients using 2008 R2

    Hi

    Has anyone managed to get RADIUS to work on 2008 with an Extricom wireless system?

    I am trying to get our Extricom switches EXSW-2400 to communicate with our 2008 r2 server which is our NPS/Radius server. I configured all this successfully using IAS in 2003 but have had problems getting our wireless clients authenticated using our 2008 server.

    We have a 2008 AD network (2 DC's on 2008 and 1 on 2003 and our 1 NPS server is a member server on 2008 R2).

    In the NPS setup I have created our 2 RADIUS clients (our 2 extricom switches) and configured the switches to point to our radius server. I am using WPA2 enterprise with TKIP only and ensured we are using the default authentication/accounting ports. This is configured on both of our wireless switches.

    I setup a radius server for 802.1x wireless connections with a connection request policies and network policies but cannot get it to work. I know the wireless client is reaching the radius server but its rejecting it for some reason.

    A wireless laptop I am testing it with is just saying "windows was unable to log you on to the network {ssidname}". I have also seen a message which said " Windows was unable to find a certificate to log you on to the network SSIDname”, I get this message when I configure the client to use smart card or other certificate. If I change this to PEAP I get the first message.

    in the event properties of the radius server I get the following:

    Network Policy Server denied access to a user.

    User:
    Security ID: NULL SID
    Account Name: {domainname\username}
    Account Domain: -
    Fully Qualified Account Name: -

    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 00-13-A6-21-AD-41
    Calling Station Identifier: 00-1D-E0-D1-3B-D3

    NAS:
    NAS IPv4 Address: 0.0.0.0
    NAS IPv6 Address: -
    NAS Identifier: -
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 1

    RADIUS Client:
    Client Friendly Name: Template of wifiswitch1
    Client IP Address: 10.122.84.26 # this is the IP address of one of the wireless switches

    Authentication Details:
    Connection Request Policy Name: -
    Network Policy Name: -
    Authentication Provider: -
    Authentication Server: {NPSserver.domainname.PRI}
    Authentication Type: -
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 49
    Reason: The RADIUS request did not match any configured connection request policy (CRP).


    Can anyone advice me on what I am doing wrong. I have created 2 AD groups one called wireless devices and wireless users. I have popped in my test laptop into wireless devices and my username who is a domain admins into wireless users. In the network policy I have said if it is part of wireless devices/users then allow access.

    I know Ashok did a brilliant guide for this but that was based on a 2003 IAS system, has anyone done something similar for 2008 or give me some links of useful guides. I have looked at technet but haven't been able to find an answer.

    Thanks

  2. #2
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34
    Check the server logfiles, we use this IAS Log Viewer - DeepSoftware.com which is "free" but is nagware.

    The windows event log also logs stuff but not as easy to read, as it's all mixed in with the other windows stuff.

    The log viewer gives a better view, it looks like you're not matching any of the allow rules. which is what the: "The RADIUS request did not match any configured connection request policy". actually means.

    So check the rules are all correct.
    Last edited by User3204; 23rd September 2009 at 06:04 PM.

  3. #3
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    730
    Thank Post
    98
    Thanked 42 Times in 32 Posts
    Rep Power
    25
    Quote Originally Posted by User3204 View Post
    Check the server logfiles, we use this IAS Log Viewer - DeepSoftware.com which is "free" but is nagware..
    Thanks for that, it didnt give me any extra useful informaiton which helped me diagnose the problem.

    Has any other school who has an Extricom Wireless system or similar managed successfully to get it working using Radius/NPS in 2008?

    We are using Windows Server 2008 R2 as our NPS server with 2 Extricom EXSW-2400 switches and for authenticaiton I would like to use PEAP-MS-CHAP v2 because our laptops are configured on our AD domnain and from what I have read it works well well with that auth method.

    Our wireless clients are XP SP3 with Intel wireless 4965AGN cards.

    Thanks

  4. #4
    stevef1's Avatar
    Join Date
    Jun 2007
    Posts
    31
    Thank Post
    3
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I have Windows 2008, NPS working with HP ap420 access points, if i can be of any help. Our users log on using domain username/password.

    stevef1

  5. #5
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    730
    Thank Post
    98
    Thanked 42 Times in 32 Posts
    Rep Power
    25
    I thought this problem was resolved but I am still having issues and thought I would share it on here to see if anyone else suffered similar issues. I found out we had an issue when one of our laptops trolleys were being used which had 15 laptops on the go at the same time. I know our wireless network is designed for us to be able to use a significant number of laptops at the same time as it has the blanket technology rather than cell planning and when we had it working on IAS Radius on server 2003 it worked fine so am struggling to understand the problem.

    All laptops are on the domain. When a domain user logs in at logon, all laptops will connect fine to the wireless network but after about 50 minutes – 1 hour, we find that randomly laptops will disconnect from the wireless so the users lose connection to both network resources and the internet.

    The only way for us to resolve is to turn off the wireless and then turn it back on. I have updated all laptops with the changes from our conversations, I have also updated the wireless driver to the latest Intel driver which was released in September 2009 and have tried a few things such as leaving it more open so I can eliminate any possible connectivity problems but am having no luck.

    On our wireless network we have 2 SSIDs, one for any domain laptops which is the SSID configured through NPS and the other one is a visitor SSID which we use on guest non domain laptops and PDA’s. This is mainly for them to get on to the internet. This involves putting in a WPA key to activate the wireless, The visitor SSID is fine so I have eliminated any potential problems on the wireless switch side. I believe this is a configuration problem with NPS and was hoping someone might be able to assist me with this.

  6. #6

    Join Date
    Mar 2007
    Location
    Bradford
    Posts
    105
    Thank Post
    7
    Thanked 14 Times in 14 Posts
    Rep Power
    17
    We have had similar issues using Cisco wireless kit. It wasn't working on our Student WLAN but was on the Staff. The logs were showing similar messages that no policies matched on NPS. We discovered the only difference being the Student WLAN was using only 'a' whereas the staff was set to use 'a', 'b' or 'g'.

    We changed the student wireless lan to use all bands instead of just 'a' and it has started working.

  7. #7

    Join Date
    Apr 2010
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Oh I could use your help steve! lol

  8. #8

    Join Date
    May 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    'The RADIUS request did not match any configured connection request policy'. looks like your RADIUS policies are not setup correctly. Have you setup any day/time restrictions on your connection request policy?

SHARE:
+ Post New Thread

Similar Threads

  1. 802.1x-Radius Wireless Authentication
    By jayemm in forum Wireless Networks
    Replies: 5
    Last Post: 22nd September 2009, 10:50 AM
  2. Radius setup with 2008 server
    By ful56_uk in forum Wireless Networks
    Replies: 1
    Last Post: 17th July 2009, 10:19 PM
  3. Troubleshooting a RADIUS wireless lan
    By maniac in forum Wireless Networks
    Replies: 8
    Last Post: 23rd October 2008, 09:10 AM
  4. Wireless and RADIUS
    By jamin100 in forum Wireless Networks
    Replies: 8
    Last Post: 22nd July 2008, 10:50 PM
  5. Wireless 802.1x RADIUS authentication using IAS server
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 3rd January 2008, 06:15 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •