Hi,
I want to use EAP-TLS with my shiny new certificates issued by my new Windows CA, and what happens? Nothing works.
I don't have a clue what I should do. I try to establish an EAP-TLS connection using my Windows CE mobile device, but my Cisco AP541N logs this:
Oct 18 15:42:58 | info | hostapd | wlan0: STA 00:17:23:xx:xx:xx IEEE 802.1X: Supplicant used different EAP type: 3 (Nak) |
Oct 18 15:42:58 | warn | hostapd | wlan0: STA 00:17:23:xx:xx:xx IEEE 802.1X: authentication failed - identity 'XXXXXX' EAP type: 13 (TLS) |
Oct 18 15:42:58 | info | hostapd | The wireless client with MAC address 00:17:23:xx:xx:xx had an authentication failure. |
NPS logs this:
Name der Verbindungsanforderungsrichtlinie: Sichere Drahtlosverbindungen 2
Netzwerkrichtlinienname: XXXXXX
Authentifizierungsanbieter: Windows
Authentifizierungsserver: XXXXX
Authentifizierungstyp: EAP
EAP-Typ: -
Kontositzungs-ID: -
Protokollierungsergebnisse: Die Kontoinformationen wurden in die lokale Protokolldatei geschrieben.
Ursachencode: 22
Ursache: Der Client konnte nicht authentifiziert werden, da der angegebene EAP (Extensible Authentication-Protokoll)-Typ vom Server nicht verarbeitet werden kann.
I'm sorry it's in German, but the gist is: the server can't process the authentication with the specified EAP type, which should be EAP-TLS.
I think the NAK answer in my Cisco AP logs is the problem. Well, not the problem, since it is the standard procedure in the EAP request / challenge, I think, but somebody is messing it up.
Did anybody encounter something like this before? Or does anybody just know what to do?
Thanks in advance
Lenni
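
Added example, not part of the original post: a small decoder for the legacy Nak (EAP type 3, RFC 3748) that the AP log mentions, showing how to read from a packet capture which EAP methods the supplicant asks for after the server offers type 13 (TLS). The packet bytes are constructed for illustration, not captured from the poster's device, and the function names are hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Method numbers from the IANA EAP registry (subset).
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAPv2", 43: "FAST"}

def parse_eap(packet: bytes) -> dict:
    """Parse the EAP header: Code, Identifier, Length, then Type and Type-Data."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP length field")
    result = {"code": EAP_CODES.get(code, str(code)), "id": ident,
              "type": None, "data": b""}
    # Only Request and Response packets carry a Type field.
    if code in (1, 2) and length >= 5:
        result["type"] = packet[4]
        result["data"] = packet[5:length]
    return result

def nak_alternatives(request: bytes, response: bytes):
    """Return (offered, wanted) method names if response Naks request, else None."""
    req, resp = parse_eap(request), parse_eap(response)
    if req["code"] != "Request" or resp["code"] != "Response":
        return None
    if resp["type"] != 3 or resp["id"] != req["id"]:
        return None
    offered = EAP_TYPES.get(req["type"], str(req["type"]))
    # Each Type-Data octet is a method the peer would accept; 0 means none.
    wanted = [EAP_TYPES.get(t, str(t)) for t in resp["data"] if t != 0]
    return offered, wanted

# Constructed sample: server offers EAP-TLS (type 13, Start flag 0x20), id 2.
SAMPLE_REQUEST = bytes.fromhex("0102 0006 0d20")
# Constructed sample: peer answers with Nak (type 3) proposing type 25.
SAMPLE_NAK = bytes.fromhex("0202 0006 0319")
# Constructed sample: Nak with a single 0 octet, i.e. no alternative offered.
SAMPLE_NAK_NONE = bytes.fromhex("0202 0006 0300")

if __name__ == "__main__":
    print(nak_alternatives(SAMPLE_REQUEST, SAMPLE_NAK))
    print(nak_alternatives(SAMPLE_REQUEST, SAMPLE_NAK_NONE))
```

An empty `wanted` list means the supplicant rejected the offered method without naming another; a non-empty list names the methods the client's wireless profile is actually configured for.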