01-24-2003 08:25 AM - edited 07-04-2021 08:28 AM
Hi guys,
I have a wireless network composed of an IAS server on Windows 2000 Server. I'd like to authenticate the clients through the IAS server in LEAP-TLS mode (certificates + login), and the communication must be encrypted with WEP, but the authentication fails. I tried with WinXP and Win2K and use LEAP authentication in the ACU utility.
In the IAS server, the authentication is set to EAP with the certificate server (installed and configured on the same machine).
These are the logs of "debug radius" in the Aironet 1100 console:
RADIUS: User-Name [1] 18 "ICT-TEST-01\leap"
RADIUS: Framed-MTU [12] 6 1400
RADIUS: Called-Station-Id [30] 16 "0002.8a0e.3494"
RADIUS: Calling-Station-Id [31] 16 "0009.7c72.30fa"
RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
RADIUS: Message-Authenticato[80] 18 *
RADIUS: EAP-Message [79] 8
RADIUS: 02 03 00 06 03 11 [??????]
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: NAS-Port [5] 6 163
RADIUS: State [24] 24
RADIUS: 1A FB 02 79 00 00 01 37 00 01 C0 A8 00 D0 00 00 [???y???7????????]
RADIUS: 00 01 00 00 00 06 [??????]
RADIUS: Service-Type [6] 6 Login [1]
RADIUS: NAS-IP-Address [4] 6 192.168.0.213
RADIUS: Nas-Identifier [32] 13 "ICT-AP-00 "
RADIUS: Received from id 26 192.168.0.208:1812, Access-Challenge, len76
RADIUS: authenticator 29 44 AF 62 13 8C 9B 17 - 17 B9 98 28 7E 29 E8A1
RADIUS: Session-Timeout [27] 6 30
RADIUS: EAP-Message [79] 8
RADIUS: 01 03 00 06 0D 20 [????? ]
RADIUS: State [24] 24
RADIUS: 1A FB 02 79 00 00 01 37 00 01 C0 A8 00 D0 00 00 [???y???7????????]
RADIUS: 00 01 00 00 00 06 [??????]
RADIUS: Message-Authenticato[80] 18 *
RADIUS: Received from id A5
RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
RADIUS: not a valid author-type 0!!
RADIUS/ENCODE(000000A5): acct_session_id: 165
RADIUS(000000A5): sending
RADIUS: Send to unknown id 27 192.168.0.208:1812, Access-Request, len 169
RADIUS: authenticator 1C 2C 9E C0 72 C9 EE 96 - 49 78 C5 87 13 9A 36AE
*******************************
And these are the logs of the Microsoft IAS server:
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 26/12/2002
Time: 14.28.35
User: N/A
Computer: ICT-TEST-00
Description:
User leap was denied access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 192.168.0.213
NAS-Identifier = ICT-AP-00
Called-Station-Identifier = 0002.8a0e.3494
Calling-Station-Identifier = 0009.7c72.30fa
Client-Friendly-Name = ICT-AP-00
Client-IP-Address = 192.168.0.213
NAS-Port-Type = 19
NAS-Port = 90
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>
Reason-Code = 18
Reason = The specified authentication type is not supported on this system.
**********************************************
Thanks a lot
Dani
01-24-2003 10:00 AM
Here is your answer from the debugs:
Reason = The specified authentication type is not supported on this system.
LEAP can only be used on servers that support LEAP.
Third-Party AAA RADIUS Support
Several third-party AAA RADIUS servers including Funk Software (Steel-Belted RADIUS) and Interlink Networks (AAA RADIUS) now support the Cisco LEAP security framework. These servers, along with the Cisco Secure Access Control Server (ACS) and Cisco Access Registrar (AR), provide network managers with flexibility and options for selecting back-end services without compromising WLAN security.
The Microsoft server may support EAP, but it doesn't support LEAP.
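Added example, not part of the original thread: the two 6-byte EAP-Message payloads in the AP debug output can be decoded to show the method negotiation that IAS rejects with Reason-Code 18. The helper names (`decode_eap`, `method_mismatch`) are hypothetical; the code and type numbers are the standard EAP values (13 = EAP-TLS, 17 = LEAP, 3 = Nak).

```python
# Added example (not from the thread): decode EAP-Message hex from "debug radius".
# Code and type numbers follow the EAP specification and IANA registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 17: "LEAP", 25: "PEAP"}
TLS_FLAGS = ((0x80, "length"), (0x40, "more"), (0x20, "start"))

def type_name(t):
    return EAP_TYPES.get(t, f"type {t}")

def decode_eap(hex_bytes):
    """Decode one EAP packet given as space-separated hex."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if not 4 <= length <= len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"code {code}"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:      # only Request/Response carry a Type
        etype, data = raw[4], raw[5:length]
        pkt["type"] = type_name(etype)
        if etype == 3:                       # Nak: list of methods the peer wants
            pkt["wants"] = [type_name(b) for b in data]
        elif etype == 13 and data:           # EAP-TLS: first data byte is flags
            pkt["tls_flags"] = [n for bit, n in TLS_FLAGS if data[0] & bit]
    return pkt

def method_mismatch(packets):
    """Return (offered, wanted, mismatch) for a decoded exchange."""
    offered = [p["type"] for p in packets
               if p["code"] == "Request" and p.get("type") not in (None, "Identity")]
    wanted = [w for p in packets if p.get("type") == "Nak" for w in p["wants"]]
    return offered, wanted, bool(wanted) and not set(wanted) & set(offered)

# EAP-Message payloads copied from the AP debug output in the first post.
SERVER_CHALLENGE = "01 03 00 06 0D 20"
CLIENT_REQUEST = "02 03 00 06 03 11"

if __name__ == "__main__":
    pkts = [decode_eap(SERVER_CHALLENGE), decode_eap(CLIENT_REQUEST)]
    for p in pkts:
        print(p)
    print(method_mismatch(pkts))
```

The server's Access-Challenge carries an EAP-TLS Start request, and the client's reply is a Nak asking for LEAP, which matches the IAS "authentication type is not supported" event.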