EAP Auth problems....

jasonhumes
Level 1

Hello

I'm trying to do EAP-TLS and for some reason every time I start authentication, the first time it tries, it fails with this error message:

EAP retry limit reached for Station (StationName)

And then almost exactly 1 minute later, it will try to auth again and this time, it usually works fine. Any ideas? Thanks.

Accepted Solutions

djbradley
Level 1

Jason, I feel your pain but I think I know your answer. The newest client software stores your credentials. If you go into ACU and edit your profile you will see, if you scroll down, a listing for Username, Password, and Domain. You will find that your user name is filled in after you log in the first time but not your password. What happens the next time you log in, I think, is that the client tries to log you in with the incomplete credentials and only after it fails will it come up and ask you to enter them. When you enter them you are then given access to the network and allowed to reach the DHCP server. If you remove all credential info from your profile it will ask you to log in immediately. If you enter all three you will be logged in automatically, which of course has major security issues. Remove all traces of credential info from your profile and try it. Let me know.

4 Replies

derwin
Level 5

Hi Jason,

You will need to look at the EAP diag on the AP and also the debugs on the server to try and establish the cause of the first failure. You may have too big a delay in contacting your certificate server, but this is only a guess without more information.

Well, I don't really know what the solution to my problem was, but it is working now and what you said regarding cached logon info sounds like it could have been the culprit. I basically installed the ACU and wireless card into a couple of different notebooks which have never had the ACU installed on them before and all of them seemed to work just fine. Although, we now use PEAP for authentication to the Windows 2000 IAS server and find it much easier to scale for new users etc. Thanks for all your help though.

Hello,

Sorry for this way, but I read that you now use PEAP for authentication to the Windows 2000 IAS server. Could you please have a look at my contribution, just one row below yours, called PEAP authentication problems, and give me any ideas?

Thank you very much.