OK, to test it's not your RADIUS server, try this: Periodik Labs: Elektron RADIUS Server for Wireless Security
Have tried this over and over and I have no idea where I am going wrong. I have followed the guide but am still unable to get laptops to connect.
We are using HP 520 WL access points and their logs show:
Code:
    Primary EAP/802.1x Authentication Server
    Access Requests 3
    Access Accepts 0
    Access Retransmissions 5
    Access Rejects 0
    Access Challenges 0
    Malformed Access Responses 0
    Authentication Bad Authenticators 0
    Timeouts 6
What that means I don't know, but I have RADIUS set up to the server and the right ports set. Either I am about to give in or pay for someone to come in and set this up for us.
Thanks, will try that. I just noticed you had posted that before; sorry about that, I didn't see it.
Tried the Elektron test and it came up with test failed.
jsnetman (20th November 2008)
Can you ping the AP from the radius server?
Yeah the radius server can ping the AP
What client OS and service pack?
What authentication method (certificate or password)?
Machine or User for authentication?
I did see that you are using a PEAP password from your IAS config; if you are authenticating the machine then you will need to make some changes on the client.
Try turning off "Request must contain the Message Authenticator attribute." for the AP in the client settings; I know that this does not work with my ProCurve switches. You aren't getting as far as authentication by the looks of those timeouts. I assume the AP is using an address that it can see for its RADIUS server (on its *default* VLAN, for example).
For testing make sure the shared secret doesn't contain any special characters and use a normal phrase. Usually alpha-numeric combination is best for shared secret.
Do you have a security group with the computer accounts in and is this group allowed access?
You may need to have both the users and computers in the groups to authenticate them both.
Double-check the certificate as this will cause issues. For testing purposes disable the certificate checking by going to the properties of the wireless network, clicking on the Authentication tab and then clicking the Properties button next to Protected EAP (PEAP). Clear the tick box next to "Validate server certificate".
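Added example (not from any poster in this thread): a Python sketch of the RADIUS Message-Authenticator check (HMAC-MD5 over the whole packet, keyed with the shared secret), showing why a mismatched secret or a missing attribute shows up on the AP as timeouts rather than Access-Rejects. The secrets, user name and `require_ma` flag are constructed for illustration; dropping a request that lacks the attribute is an assumption modelling the IAS "Request must contain the Message Authenticator attribute" option.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80


def build_access_request(secret: bytes, user: bytes, sign: bool = True) -> bytes:
    """Build a minimal Access-Request, optionally signed with Message-Authenticator."""
    attrs = bytes([ATTR_USER_NAME, 2 + len(user)]) + user
    if sign:
        # 16 zero octets as a placeholder; replaced once the HMAC is computed.
        attrs += bytes([ATTR_MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    if sign:
        # The attribute is the last one, so its value is the final 16 octets.
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def server_decision(packet: bytes, secret: bytes, require_ma: bool) -> str:
    """Return what the server does with a packet before any user lookup."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet) or length < 20:
        return "drop: malformed"
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return "drop: malformed"
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR and attr_len == 18:
            received = packet[pos + 2:pos + 18]
            # Recompute the HMAC with the attribute value zeroed out.
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            if hmac.compare_digest(received, expected):
                return "process"
            return "drop: bad Message-Authenticator"
        pos += attr_len
    return "drop: Message-Authenticator required" if require_ma else "process"
```

Every "drop" result means the server sends nothing back, so the AP only records its own retransmissions and timeouts.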
Security group is fine and has the computers added. Also added Domain users to make sure.
I created the certificate from the tutorial so I dunno if it's right or not, but will try that; if it works then it must be the certificate.
Will post to let you know how it goes.
Well, I got it all working now. It was something to do with the type of encryption on the AP, and I had to remove the WEP encryption for the WPA to authenticate.
Thanks everyone for the help
Earlier in this thread I described a problem where some wireless systems appear to lose the ability to connect to our domain. I have since discovered that when the problem happens, the failing laptops are reported by the 3Com Wireless Switch Manager as having an invalid session state. The 3Com software can see the MAC address and identify the system by name, but it has associated an IP address of 0.0.0.0 and they just sit there attempting to authenticate.
Looking at the certificate on the client, it appears to be valid, although sometimes there can be two copies.
Another curious fact is that the session start time reported by the 3Com software is Thu Jan 01 01:00:00 GMT 1970; on a working system with an active session this would have the actual date/time the session started.
We have established that the RTC on the laptop appears to be correct, and within seconds of the DC clock, so the first thought that the batteries had gone flat and the system had lost its time settings appears to be false.
Any ideas where this mysterious date/time is coming from? Any ideas how to get a debug log out of a system that has lost its way? Normal event logs don't show anything beyond being unable to connect to the domain.