+ Post New Thread
Page 6 of 7 FirstFirst ... 234567 LastLast
Results 76 to 90 of 99
Wireless Networks Thread, RADIUS and IAS in Technical; Have tried this over and over and i have no idea where i am going wrong, i have followed the ...
  1. #76
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Have tried this over and over and i have no idea where i am going wrong, i have followed the guide but still unable to get laptops to connect.

    We are using HP 520 WL Access points and there logs show
    Code:
    Primary EAP/802.1x Authentication Server
    Access Requests 	3
    Access Accepts 	0
    Access Retransmissions 	5
    Access Rejects 	0
    Access Challenges 	0
    Malformed Access Responses 	0
    Authentication Bad Authenticators 	0
    Timeouts 	6
    What that means i don't know but i have radius set up to the server and the right ports set. Either am about to give in or pay for someone to come in and set this up for us.

  2. #77

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    613
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412
    Ok to test it's not your radius server try this Periodik Labs: Elektron RADIUS Server for Wireless Security

    Ben

  3. Thanks to plexer from:

    tomscaper (24th November 2008)

  4. #78
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Thanks will try that i just noticed you had posted that before sorry about that i didnt see it.

  5. #79
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Tried the Elektron test and it came up with test failed.

  6. Thanks to tomscaper from:

    jsnetman (20th November 2008)

  7. #80
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110
    Can you ping the AP from the radius server?

  8. Thanks to DMcCoy from:

    tomscaper (24th November 2008)

  9. #81
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Yeah the radius server can ping the AP

  10. #82
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110
    Quote Originally Posted by tomscaper View Post
    Yeah the radius server can ping the AP
    Ok,

    What client OS and service pack?
    What Authentication method (Certificate or password?)
    Machine or User for authentication?

    I did see that you are using a peap password from your IAS config, if you are authenticating the machine then you will need to make some changes on the client.

  11. Thanks to DMcCoy from:

    tomscaper (24th November 2008)

  12. #83
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Quote Originally Posted by DMcCoy View Post
    Ok,

    What client OS and service pack?
    What Authentication method (Certificate or password?)
    Machine or User for authentication?

    I did see that you are using a peap password from your IAS config, if you are authenticating the machine then you will need to make some changes on the client.

    Client XP Sp2
    I followed the pdf guide and i create a certificate and set shared key on access.
    point and on radius.
    machine authentication.

    I dont really fully know much about it all, i just followed the guide.

  13. #84
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110
    Try turning off "Request must contain the Message Authenticator attribute." for the AP in the client settings, I know that this does not work with my procurve switches. You aren't getting as far as authentication by the looks of those timeouts. I assume the AP is using an address that it can see for it's radius server (on it's *default* vlan for example)

  14. Thanks to DMcCoy from:

    tomscaper (24th November 2008)

  15. #85

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by tomscaper View Post
    Client XP Sp2
    I followed the pdf guide and i create a certificate and set shared key on access.
    point and on radius.
    machine authentication.

    I dont really fully know much about it all, i just followed the guide.
    Hi,

    For testing make sure the shared secret doesn't contain any special characters and use a normal phrase. Usually alpha-numeric combination is best for shared secret.

    Do you have a security group with the computer accounts in and is this group allowed access?

    You may need to have both the users and computers in the groups to authenticate them both.

    Double-check the certificate as this will cause issue. For testing purposes disable the certificate checking by going to the properties of the wireless network and click on the Authentication Tab and then click the Properties button next to Protected EAP (PEAP). Clear the tick box next to "validate server certificate".

    Ash.

  16. Thanks to spc-rocket from:

    tomscaper (24th November 2008)

  17. #86
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Quote Originally Posted by ashok View Post
    Hi,

    For testing make sure the shared secret doesn't contain any special characters and use a normal phrase. Usually alpha-numeric combination is best for shared secret.

    Do you have a security group with the computer accounts in and is this group allowed access?

    You may need to have both the users and computers in the groups to authenticate them both.

    Double-check the certificate as this will cause issue. For testing purposes disable the certificate checking by going to the properties of the wireless network and click on the Authentication Tab and then click the Properties button next to Protected EAP (PEAP). Clear the tick box next to "validate server certificate".

    Ash.
    Special characters could the & sign cause a problem.

    Security group is fine and has the computers added. Also added Domain users to make sure.

    I created the certificate from the tutorial so i dunno if its right or not. but will try that if it works then it must be certificate.

    Will post let you know how it goes.

  18. #87
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Quote Originally Posted by DMcCoy View Post
    Try turning off "Request must contain the Message Authenticator attribute." for the AP in the client settings, I know that this does not work with my procurve switches. You aren't getting as far as authentication by the looks of those timeouts. I assume the AP is using an address that it can see for it's radius server (on it's *default* vlan for example)
    Yeah all on same vlan, and i tried turning off the message authenticate btu that make no difference

    Also would it make a difference if i rebooted my radius server. would that do any good.

  19. #88
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    22
    Well i got it all working now, it was something to do with the type of encryption on the AP and that i had to remove the WEP encryption for the WPA to authenticate.

    Thanks everyone for the help

  20. #89

    broc's Avatar
    Join Date
    Jan 2006
    Location
    England
    Posts
    2,046
    Thank Post
    104
    Thanked 401 Times in 265 Posts
    Rep Power
    150
    Earlier in this thread I described a problem where some wireless systems appear to lose the ability to connect to our domain. I have since discovered that when the problem happens, the failing laptops are reported by the 3Com Wireless Switch Manager as having an invalid session state. The 3Com software can see the MAC address and identify the system by name, but it has associated an IP address of 0.0.0.0 and they just sit there attempting to authenticate.

    Looking at the certificate on the client, it appears to be valid, although sometimes there can be two copies.

    Another curious fact is the session start time reported by the 3Com software is Thu Jan 01 01:00:00 GMT 1970, on a working system with an active session this would have the actual date/time the session started.

    We have established that the RTC on the laptop appears to be correct, and within seconds of the DC clock, so the first thought that the batteries had gone flat and the system had lost its time settings appears to be false.

    Any ideas where this mysterious date/time is coming from? Any ideas how to get a debug log out of a system that has lost its way? Normal event logs don't show anything beyond being unable to connect to the domain.

  21. #90

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,986
    Thank Post
    850
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by broc View Post
    Any ideas where this mysterious date/time is coming from?
    Each switch/ap has its own built in clock, have these been set or setup to grab their time of an NTP server?

SHARE:
+ Post New Thread
Page 6 of 7 FirstFirst ... 234567 LastLast

Similar Threads

  1. radius with guests
    By strawberry in forum How do you do....it?
    Replies: 9
    Last Post: 16th July 2008, 04:10 PM
  2. How does Radius work?
    By ranj in forum Wireless Networks
    Replies: 3
    Last Post: 4th January 2008, 12:42 PM
  3. Radius Testing Software
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 25th September 2007, 04:00 PM
  4. HP NX6325 Radius PEAP
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 1st December 2006, 10:15 AM
  5. ISA Server 2004 and RADIUS
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •