I'm trying to use my Cisco AP541n as a RADIUS client connected to a Windows Server 2003 IAS using PEAP-MSCHAPv2.
The communication between the AP and IAS seems to be OK, according to Wireshark (Access-Requests and Access-Accepts), but my AP doesn't like my mobile devices.
I tried with a handheld device with Windows Embedded CE 6.0 and the AP eventlog shows this:
|info||hostapd||wlan0: STA 00:17:23:a0:4c:cd IEEE 802.1X: Incoming RADIUS packet did not have correct Message-Authenticator - dropped|
So I configured and reconfigured but the problem persisted. Eventually I thought the Embedded CE isn't doing such a great job.
Then I tried my Windows 7 notebook and look:
|info||hostapd||wlan0: STA c4:17:fe:b8:fd:41 IEEE 802.1X: Incoming RADIUS packet did not have correct Message-Authenticator - dropped|
I tried everything. New certificates, new Active Directory Users (and permissions), new security credentials.
I even completely de - and reinstalled my W2k3 IAS and certificate services, but I could not solve the problem.
Like I said, Wireshark captures indicate a nice and smooth connection between AP and IAS, even with different logins (test users, test certificates, ...),
only the AP wouldn't let anything into the network with said error message.
I'm angry and likely to stay at WPA2 personal (with which everything works quite nice, except the WLAN is not letting my Windows 7 machine in, even with static IP...).
So does anybody have any conclusion to this?
I'd appreciate it..
edit: typos, lousy keyboard
can you please open the radius packet header on the wireshark and check for the Auth-Type value? It should be set to Accept
P.S.:Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
you won't believe this...:
After I wrote my question in the forums, I decided to change the ONE setting I didn't touch yet, the system vendor in the IAS client settings.
It was set to Cisco, apparently, and I changed it to "Standard RADIUS".
|info||hostapd||wlan0: STA 00:17:23:a0:4c:cd IEEE 802.1X: authenticated - identity '' EAP type: 25 (PEAP)|
Oh man...I just cannot understand why this went wrong, does somebody?
Sorry to bother you and thanks for the fast reply, but this thread is solved...