02-17-2009 02:54 PM - edited 07-03-2021 05:11 PM
Anyone have any luck getting this to work? I am at this point just trying to get the RADIUS set up and get the certificate pulled into the EAP section of NPS. Or know if Cisco supports this type of setup. My 2003 IAS box was a snap but now have the Windows Team forcing this god-awful OS onto me to use. Any help, docs, or links appreciated.
04-02-2009 08:03 PM
I am having the same issue, seems to be an incompatibility between the WLC and NPS when it comes to authentication - it keeps telling me that there is a key mismatch. Have you been able to sort your problem out as yet?
06-02-2011 06:34 PM
Hi guys,
Were any of you able to work out WLC 5508 with Windows 2008 NPS? I'm currently running OS 7.x on my WLC and my server is Windows 2008 R2. Any thoughts are really appreciated.
Thanks,
Sergio
06-05-2011 08:35 PM
Hi all, I also started working on this bind. I found this article, but it is not helpful regarding 2008.
So let's do this work together.
06-05-2011 09:42 PM
Did you install NPS server and register it in AD?
01-15-2012 06:09 PM
Wow, this thread is still going?
I found a solution to the issue:
1. Install NPS
2. Start NPS and Register in AD
3. Configure Network Policy for Computers
4. Configure Network Policy for Users
5. Setup RADIUS client
6. Set up Wireless GPO (if you want to automate client distribution)
The rest of the settings need to be as per your controller setup; below are settings for WPA2 Enterprise.
That should do it - it worked for me!
01-15-2012 06:20 PM
I'll try this out, Eugene. Thanks for sharing. Feedback when it's running! Thanks!!!
01-23-2012 06:26 AM
Mine is not working. I have followed the above guide except for automation of wireless settings for client. I manually configured the 802.1x wireless settings. It is a lab set-up:
1. AD with Certificate Services enabled (internal CA)
2. NPS on separate server registered to AD, certificate is present issued by internal CA
3. WLC configured, pointed to NPS
4. Client Windows 7, certificate issued from web enrollment
I am having this error:
*Dot1x_NW_MsgTask_0: Jan 24 04:05:12.010: e8:39:df:b6:35:bc Sending EAP Attribute (code=2, length=11, id=2) for mobile e8:39:df:b6:35:bc
*Dot1x_NW_MsgTask_0: Jan 24 04:05:12.010: 00000000: 02 02 00 0b 01 72 6f 75 74 65 72 .....router
*Dot1x_NW_MsgTask_0: Jan 24 04:05:12.010: e8:39:df:b6:35:bc [BE-req] Radius EAP/Local WLAN 1.
*Dot1x_NW_MsgTask_0: Jan 24 04:05:12.011: e8:39:df:b6:35:bc [BE-req] Sending auth request to 'RADIUS' (proto 0x140001)
*aaaQueueReader: Jan 24 04:05:12.011: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: Jan 24 04:05:12.011: e8:39:df:b6:35:bc Successful transmission of Authentication Packet (id 7) to 192.168.1.8:1812, proxy state e8:39:df:b6:35:bc-00:00
*radiusTransportThread: Jan 24 04:05:12.021: ****Enter processIncomingMessages: response code=3
*radiusTransportThread: Jan 24 04:05:12.021: ****Enter processRadiusResponse: response code=3
*radiusTransportThread: Jan 24 04:05:12.021: e8:39:df:b6:35:bc Access-Reject received from RADIUS server 192.168.1.8 for mobile e8:39:df:b6:35:bc receiveId = 7
*radiusTransportThread: Jan 24 04:05:12.021: e8:39:df:b6:35:bc [Error] Client requested no retries for mobile E8:39:DF:B6:35:BC
*radiusTransportThread: Jan 24 04:05:12.021: e8:39:df:b6:35:bc Returning AAA Error 'Authentication Failed' (-4) for mobile e8:39:df:b6:35:bc
*radiusTransportThread: Jan 24 04:05:12.021: e8:39:df:b6:35:bc [BE-resp] AAA response 'Authentication Failed'
*radiusTransportThread: Jan 24 04:05:12.021: e8:39:df:b6:35:bc [BE-resp] Returning AAA response
*radiusTransportThread: Jan 24 04:05:12.021: e8:39:df:b6:35:bc AAA Message 'Authentication Failed' received for mobile e8:39:df:b6:35:bc
Please do help, thanks!!!
01-23-2012 04:20 PM
I think there is an issue with the configuration of the RADIUS server, have you checked the event logs?
Your WLAN Controller log reports: "Access-Reject received from RADIUS server" and "AAA response 'Authentication Failed'"
In my experience this is due to one of the following:
1. Invalid user account and/or password
2. Computer not a member of domain
3. Certificate services not working properly
4. Certificate expired, or
5. RADIUS incorrectly configured
6. Access key incorrectly entered - it IS case-sensitive (so is the SSID)
Check the event log, your answer may be there.
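An added example, not part of any post in this thread: a small Python reader for the WLC debug output quoted above. It decodes the EAP hex dump using the RFC 3748 header layout and names the RADIUS reply code using RFC 2865. The function names `parse_eap` and `summarize` are made up for this sketch, and it assumes the EAP dump fits on one line, as it does in the quoted log.

```python
import re

# Sample input: three lines taken from the WLC debug output quoted in the thread.
SAMPLE = """\
*Dot1x_NW_MsgTask_0: Jan 24 04:05:12.010: 00000000: 02 02 00 0b 01 72 6f 75 74 65 72 .....router
*aaaQueueReader: Jan 24 04:05:12.011: e8:39:df:b6:35:bc Successful transmission of Authentication Packet (id 7) to 192.168.1.8:1812, proxy state e8:39:df:b6:35:bc-00:00
*radiusTransportThread: Jan 24 04:05:12.021: ****Enter processRadiusResponse: response code=3
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}      # RFC 3748
RADIUS_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}  # RFC 2865

HEX_LINE = re.compile(r"\b[0-9a-f]{8}: ((?:[0-9a-f]{2} )+)")   # offset, then hex bytes
SENT_LINE = re.compile(r"Authentication Packet \(id (\d+)\) to ([\d.]+):(\d+)")
RESP_LINE = re.compile(r"processRadiusResponse: response code=(\d+)")

def parse_eap(raw: bytes) -> dict:
    """Decode an EAP packet: code(1) identifier(1) length(2), then type(1) and data."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the dumped bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:          # only Request/Response carry a type
        pkt["type"] = raw[4]
        if raw[4] == 1:                         # type 1 = Identity
            pkt["identity"] = raw[5:length].decode("utf-8", "replace")
    return pkt

def summarize(log: str) -> dict:
    """Collect decoded EAP packets, RADIUS requests sent, and RADIUS reply types."""
    out = {"eap": [], "requests": [], "replies": []}
    for line in log.splitlines():
        if m := HEX_LINE.search(line):
            out["eap"].append(parse_eap(bytes.fromhex(m.group(1))))
        elif m := SENT_LINE.search(line):
            out["requests"].append((int(m.group(1)), m.group(2), int(m.group(3))))
        elif m := RESP_LINE.search(line):
            code = int(m.group(1))
            out["replies"].append(RADIUS_CODES.get(code, f"unknown({code})"))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the quoted log this shows the client answering the identity request as `router` and the server replying with Access-Reject and no Access-Challenge in between, so the NPS event log entry for that identity is the place to look next.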