cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2143
Views
0
Helpful
2
Replies

Windows Server 2003 IAS RADIUS with Cisco AP541n

lalalenni
Level 1
Level 1

Hi,

I'm trying to use my Cisco AP541n as a RADIUS client connected to a Windows Server 2003 IAS using PEAP-MSCHAPv2.

The communication between the AP and IAS seems to be OK, according to Wireshark (Access-Requests and Access-Accepts), but my AP doesn't like my mobile devices.

I tried with a handheld device with Windows Embedded CE 6.0 and the AP eventlog shows this:

info hostapd wlan0: STA 00:17:23:a0:4c:cd IEEE 802.1X: Incoming RADIUS packet did not have correct Message-Authenticator - dropped

So I configured and reconfigured but the problem persisted. Eventually I thought the Embedded CE isn't doing such a great job.

Then I tried my Windows 7 notebook and look:

info hostapd wlan0: STA c4:17:fe:b8:fd:41 IEEE 802.1X: Incoming RADIUS packet did not have correct Message-Authenticator - dropped

I tried everything. New certificates, new Active Directory Users (and permissions), new security credentials.

I even completely de - and reinstalled my W2k3 IAS and certificate services, but I could not solve the problem.

Like I said, Wireshark captures indicate a nice and smooth connection between AP and IAS, even with different logins (test users, test certificates, ...),

only the AP wouldn't let anything into the network with said error message.

I'm angry and likely to stay at WPA2 personal (with which everything works quite nice, except the WLAN is not letting my Windows 7 machine in, even with static IP...).

So does anybody have any conclusion to this?

I'd appreciate it..

So long

lalalenni

edit: typos, lousy keyboard

2 Replies 2

andamani
Cisco Employee
Cisco Employee

hi,

can you please open the radius packet header on the wireshark and check for the Auth-Type value? It should be set to Accept

Regards,

Anisha

P.S.:Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Hi Anisha,

you won't believe this...:

After I wrote my question in the forums, I decided to change the ONE setting I didn't touch yet, the system vendor in the IAS client settings.

It was set to Cisco, apparently, and I changed it to "Standard RADIUS".

Let's see:

info hostapd wlan0: STA 00:17:23:a0:4c:cd IEEE 802.1X: authenticated - identity '' EAP type: 25 (PEAP)

Oh man...I just cannot understand why this went wrong, does somebody?

Sorry to bother you and thanks for the fast reply, but this thread is solved...

lalalenni

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: