cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5517
Views
0
Helpful
14
Replies

Cisco Aironet 1040 and Radius Auth Failure

ams-it
Level 1
Level 1

Alright now this might seem bizarre but I am really hoping someone can work out what I am doing wrong!

I have setup a Cisco Aironet 1040 to connect to our Radius server which I have also configured.

I can successfully connect up any Iphone or Ipad but I cannot get any laptop to connect.

I have attached the logs showing the Iphone Successfully logging in and the Laptop Failing.

Every single failure in the Event log for NPS comes up with

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

    Security ID:            NULL SID

    Account Name:            scottd

    Account Domain:            AMSLAN

    Fully Qualified Account Name:    AMSLAN\scottd

Client Machine:

    Security ID:            NULL SID

    Account Name:            -

    Fully Qualified Account Name:    -

    OS-Version:            -

    Called Station Identifier:        5835.d976.9420

    Calling Station Identifier:        d0df.9a92.0f40

NAS:

    NAS IPv4 Address:        192.168.2.98

    NAS IPv6 Address:        -

    NAS Identifier:            ap

    NAS Port-Type:            Wireless - IEEE 802.11

    NAS Port:            336

RADIUS Client:

    Client Friendly Name:        Cisco  AP

    Client IP Address:            192.168.2.98

Authentication Details:

    Connection Request Policy Name:    Secure Wireless Connections

    Network Policy Name:        -

    Authentication Provider:        Windows

    Authentication Server:        AMS-DC3.lan.ams.co.nz

    Authentication Type:        PEAP

    EAP Type:            -

    Account Session Identifier:        -

    Logging Results:            Accounting information was written to the local log file.

    Reason Code:            266

    Reason:                The message received was unexpected or badly formatted.

A successful Iphone connection shows as below

Network Policy Server granted access to a user.

User:

    Security ID:            AMSLAN\scottd

    Account Name:            scottd

    Account Domain:            AMSLAN

    Fully Qualified Account Name:    AMSLAN\scottd

Client Machine:

    Security ID:            NULL SID

    Account Name:            -

    Fully Qualified Account Name:    -

    OS-Version:            -

    Called Station Identifier:        5835.d976.9420

    Calling Station Identifier:        dc2b.6196.184b

NAS:

    NAS IPv4 Address:        192.168.2.98

    NAS IPv6 Address:        -

    NAS Identifier:            ap

    NAS Port-Type:            Wireless - IEEE 802.11

    NAS Port:            324

RADIUS Client:

    Client Friendly Name:        Cisco  AP

    Client IP Address:            192.168.2.98

Authentication Details:

    Connection Request Policy Name:    Secure Wireless Connections

    Network Policy Name:        Secure Wireless Connections

    Authentication Provider:        Windows

    Authentication Server:        AMS-DC3.lan.ams.co.nz

    Authentication Type:        PEAP

    EAP Type:            Microsoft: Secured password (EAP-MSCHAP v2)

    Account Session Identifier:        -

    Logging Results:            Accounting information was written to the local log file.

Quarantine Information:

    Result:                Full Access

    Session Identifier:            -

I just cannot for the life of me find any settings or configuration that will allow this to work. I am hoping that someone may have seen this or be able to offer some insight into what could be wrong.

Thanks in advance!

14 Replies 14

ams-it
Level 1
Level 1

Still having this issue if anyone is able to supply any kind of information to point me in the right direction it would be much appreciated!

Yea, i see is doesnt like it ...

Sep 25 23:47:26.884: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL

Question, why is the security ID different between the Apple and the laptop?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I wish I knew! The same information is entered but it doesn't seem to send the security ID no matter how I set up the wireless connection on the PC

What supplicant are you using on the laptop ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I have tried it on both Win XP and WIndows 7 both get the exact same error.

Tried it with and without certificates on, the certificate works as that is what it uses on the Iphones and Ipads

Tried WPA and WPA2 with AES or TKIP

on the Radius setup under NPS if I have any kind of authentication setup I get the

Reason Code:            266

Reason:                The message received was unexpected or badly formatted.

If I set everything to open then it will connect fine so there is no issue with that side of things it's definetly to do with the security used, but whether it is a Cisco AP setting or a windows server/cleint setting eludes me.

read this ... see if this helps at all

http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/fc4d949b-7ac5-4c50-b984-4c16b3710716/

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

From everything I can see this is working correctly as the Iphones use the certificates.

used to have a similar issues on several of our laptops depending on how they were built.

Driver updates fixed our problem though - not sur eif it will for you? but the error was the same for use

Reason:                The message received was unexpected or badly formatted.

I had already given drivers ago, But I tried again anyway. Sadly this didn't fix the problem.

ams-it
Level 1
Level 1

Just tried a Wireless USB stick in multiple hardware and get the exact same issue, peap appears to be the issue but this is what the Iphones say they are connecting with and they work.....

ajamerica
Level 1
Level 1

Was there any updates with this?  I am running into the same issue with 2008 R2 NPS....

jenwilson
Level 1
Level 1

Too many Trusted Auth Certs on the Radius server after update?

See

http://social.technet.microsoft.com/Forums/en-US/winserveressentials/thread/2636b892-7113-4692-a4f4-53d330ca6062

and

http://support.microsoft.com/kb/933430

Method 3 in the above link of adding the regentry SendTrustedIssuerList to 0 fixed the issue for me.

Ivaylo Georgiev
Level 1
Level 1

Scott,

How did you solve this?

Review Cisco Networking for a $25 gift card