Wireless Networks Thread, RADIUS \ EAP-TLS \ Ruckus in Technical; This is beginning to drive me nuts so hoping someone can help shed some light on the matter
I'm trying ...
7th June 2012, 03:43 PM #1
7th June 2012, 07:49 PM #2
It looks as though you've done everything right. On the NPS server you need to look in Custom Logs, not the Windows Logs (you won't see anything from NPS in there). You should see plenty of logs if you're trying to get a client to associate using Computer Authentication.
Can you have a look in the log and post any errors you get here?
8th June 2012, 02:00 PM #3
A couple of changes sorted the problem...
a) making sure 802.1X EAP was entered on authentication method on the WLAN in Ruckus (someone else set this up for me initially and left it off)
b) re-creating the shared secret, RADIUS client etc from scratch... start with a really simple secret to make sure it works then go for a complex one later
c) XP SP3 clients won't auto enrol their certs if you use the 2008 template when following the MS guide to duplicating templates
Think I might leave my cert template as 2008 due to XP being removed in summer anyway...
Thanks for the reply, knowing that the method was correct helped go back and find the simple things... I'm a happy RADIUS user now
Last edited by gshaw; 8th June 2012 at 02:02 PM.
8th June 2012, 02:29 PM #4
Glad you got it sorted!
8th June 2012, 04:11 PM #5
Nice way to end the week with a bit of success
Just need to decide whether to stick with EAP-TLS or go PEAP-MSCHAP or PEAP-EAP-TLS... seeing as I have the certificates working OK I guess it's just a matter of deciding how I want the security set up (as far as I understand it)...
- EAP-TLS... just authenticate the WLAN via machine certificate (set up and working at the moment)
- PEAP-EAP-TLS... authenticate user and computer via certificates
- PEAP-MSCHAPv2... basic authentication via Computer account then username \ password
Just reading another thread on here I'm leaning towards EAP-TLS to avoid the possible Computer Account expiration issue some experienced when machines aren't used for a while. Also wondering if EAP-TLS might work better for any non-MS devices we might use in future (iPads, Android devices etc?)
Last edited by gshaw; 8th June 2012 at 04:38 PM.
13th June 2012, 12:14 PM #6
Can you recommend any (step by step) guides in relation to getting the Windows 2008 R2 RADIUS up and running?
Not been successful as yet (but keep trying, much easier as using Hyper-V instance) but once set up would be easier to authenticate our new laptops (with Ruckus) than coding the wireless keys in etc.
Managed to get it working following these 2 articles:
Last edited by MYK-IT; 13th June 2012 at 02:38 PM.
18th July 2012, 10:52 AM #7
Thanks! This post made me check this and solved the same problem for me!
Originally Posted by gshaw
I decided to use PEAP-MSCHAPv2 and a check on whether the machine is a domain computer. Therefore all domain machines can join with no extra info supplied but non domain machines are rejected.