Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3679
Views
0
Helpful
3
Replies

Aironet 1200 and windows 2008 radius

ernst.panstra
Level 1
Level 1

‎03-27-2012 12:04 AM - edited ‎07-03-2021 09:52 PM

Hi,

I have some aironet 1200 AP's. I want to use this with a windows 2008 radius server. I followed the guide on http://techblog.mirabito.net.au/?p=87. Unfortunately I can not get this working. In the securtiy log of the event viewer there is always the message "authenication was not succesful because an unknown username or incorrect password".

- Is it possible to get this working?

- If yes, is there a manual how to configure the AP's and the radius server, or are there any hints?

- Is this the best way to setup a wireless network or is there a better way?

I saw there is also a local radius server inside the 1200. Can all the 1200's work together? I suppose that if I use the built-in radius server than I can't make a connection to my AD database, correct?

Hope you can help me.

Regards,
Ernst

Labels:
0 Helpful
3 Replies 3

Gerald Wiltse
Level 1
Level 1

‎03-28-2012 06:02 AM

Yes it's possible. I configured fully functioning AD Integrated server 2008 radius and got my 1040 AP's to do the EAP authentication to it. It took a lot of trial and error and it's a pretty deep configuration but in my opinioin, it's the best way to do Wifi authentication.  It was several months ago so I'm a bit foggy, I'll do my best to help.

I'm not at the point where I can say that "incorrect password" error is "xyz configuration" issue, but post the AAA and radius server configs and we'll take a look. Maybe somebody else is at that level.

Actually, maybe I do know... it depends on what client you're using for the eap auth.   If you're using native windows 7 or xp, first it will use the computer account which doesn't actually use a password exactly (it would have to be joined to the domain for that to work).  With any client, you can instead specify that it should use an actual username and password of a person.

I remember that I made it work with both the windows XP native client and the Dell wireless client, but both had little nuances.

Wow... I just realized I should specify:

---------------------------------

Amendment

--I just remembered some of the other details:

1.  Are you even trying to use it for EAP wireless auth, or just standard AAA auth for the access point management login?

2.  The password error might be a shared mismatch... emm, maybe not. Double check it and report back.

Regards,

Jerry

0 Helpful

johncaston_2
Level 1
Level 1

‎03-28-2012 07:27 AM

Hi Ernst,

As Gerald mentioned, it is certainly possible to use IAS / NPS for authentication, I've used it many times.

One thing that you might want to check is in the NPS policy, set it to ignore Dial-In settings on the account properties, which is deny by default.

Otherwise there must be a mis-match in the security protocol setup - you might want to give us more details of how the NPS is configured

Cheers,

John

Sent from Cisco Technical Support iPad App

0 Helpful

ernst.panstra
Level 1
Level 1
In response to johncaston_2

‎04-02-2012 12:54 AM

Hi,

Thanks for your reply.

However, in the mean time I reconfigured the aironet to use the built-in radius server instead of a windows radius server. This is also not working, all the login attempts failed with an unknown username.

We have standard windows clients (XP and win7) and some mobile devices (android).

Where to look why the username's are wrong?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card