cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1764
Views
0
Helpful
2
Replies
Beginner

Windows Server 2003 IAS RADIUS with Cisco AP541n

Hi,

I'm trying to use my Cisco AP541n as a RADIUS client connected to a Windows Server 2003 IAS using PEAP-MSCHAPv2.

The communication between the AP and IAS seems to be OK, according to Wireshark (Access-Requests and Access-Accepts), but my AP doesn't like my mobile devices.

I tried with a handheld device with Windows Embedded CE 6.0 and the AP eventlog shows this:

info hostapd wlan0: STA 00:17:23:a0:4c:cd IEEE 802.1X: Incoming RADIUS packet did not have correct Message-Authenticator - dropped

So I configured and reconfigured but the problem persisted. Eventually I thought the Embedded CE isn't doing such a great job.

Then I tried my Windows 7 notebook and look:

info hostapd wlan0: STA c4:17:fe:b8:fd:41 IEEE 802.1X: Incoming RADIUS packet did not have correct Message-Authenticator - dropped

I tried everything. New certificates, new Active Directory Users (and permissions), new security credentials.

I even completely de - and reinstalled my W2k3 IAS and certificate services, but I could not solve the problem.

Like I said, Wireshark captures indicate a nice and smooth connection between AP and IAS, even with different logins (test users, test certificates, ...),

only the AP wouldn't let anything into the network with said error message.

I'm angry and likely to stay at WPA2 personal (with which everything works quite nice, except the WLAN is not letting my Windows 7 machine in, even with static IP...).

So does anybody have any conclusion to this?

I'd appreciate it..

So long

lalalenni

edit: typos, lousy keyboard

2 REPLIES 2
Highlighted
Cisco Employee

Windows Server 2003 IAS RADIUS with Cisco AP541n

hi,

can you please open the radius packet header on the wireshark and check for the Auth-Type value? It should be set to Accept

Regards,

Anisha

P.S.:Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Beginner

Windows Server 2003 IAS RADIUS with Cisco AP541n

Hi Anisha,

you won't believe this...:

After I wrote my question in the forums, I decided to change the ONE setting I didn't touch yet, the system vendor in the IAS client settings.

It was set to Cisco, apparently, and I changed it to "Standard RADIUS".

Let's see:

info hostapd wlan0: STA 00:17:23:a0:4c:cd IEEE 802.1X: authenticated - identity '' EAP type: 25 (PEAP)

Oh man...I just cannot understand why this went wrong, does somebody?

Sorry to bother you and thanks for the fast reply, but this thread is solved...

lalalenni