06-19-2006 05:24 AM - edited 07-04-2021 12:22 PM
This is an EAP MSCHAPv2 properties configuration: automatically use my Windows logon name and password (and domain if any). Has anyone implemented this in production? I tried this option with no luck. It looks like when I enable it, Windows sends "domain/username" as the username for authentication, and I could not find a way to strip the domain or host name from that. So authentication failed. Thanks for any comments.
06-22-2006 11:36 PM
Hi
What are you using to authenticate your clients?
MS has a webpage that details setting up PEAP/MSCHAP with just MS stuff - IAS etc....
http://www.microsoft.com/technet/security/topics/cryptographyetc/peap_0.mspx
Regards
Aaron
Please rate helpful posts...
06-23-2006 10:21 AM
You can use realms to strip off the "@domain.com" with a standalone RADIUS server. You should see if you can do this in your implementation.
06-26-2006 10:15 AM
Hi, thanks for the replies.
I am using PEAP/MSCHAPv2 to authenticate clients. When I enabled "automatically use my windows logon name and password (and domain if any)", after the client logs in with username "aaa" and domain name "abc", the WLC controller sends "abc\aaa" as the username to the ACS server for authentication. I can see the RADIUS request packets at the ACS server, but the ACS server just silently ignores them without doing anything. There is no "accept" or "reject" response to this request and no "passed" or "failed" records about this request in the RADIUS accounting activities. The WLC always gets a timeout error. Any idea about this?
Thanks
06-26-2006 12:41 PM
See this guide (figure 9 in particular)
Have you set the correct settings here?
Aaron
Please rate helpful posts...
06-27-2006 04:57 AM
Everything is configured ok. I will open a case with TAC and will post the solution here later. Thanks.
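The realm stripping suggested in this thread, sketched as an added example (not code from any poster, and not ACS or WLC configuration): it splits a RADIUS User-Name in either the `abc\aaa` prefix form or the `user@domain.com` suffix form, and strips the realm only when it is one the server is authoritative for. The function name and the realm allow-list are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# Constructed sample values: realms this RADIUS server is authoritative for.
KNOWN_REALMS = {"abc", "domain.com"}


class Identity(NamedTuple):
    user: str             # name to look up in the user database
    realm: Optional[str]  # realm found in the User-Name, if any
    stripped: bool        # True only if a known realm was removed


def split_identity(raw: str, known_realms=KNOWN_REALMS) -> Identity:
    """Split a User-Name into user and realm (hypothetical helper).

    Handles the NT-style prefix form (REALM\\user) and the suffix form
    (user@realm). Only one realm layer is removed, and only if the realm
    is in the allow-list; anything else is passed through unchanged so an
    unknown realm can never be silently mapped onto a local account.
    """
    raw = raw.strip()
    if "\\" in raw:
        realm, _, user = raw.partition("\\")   # abc\aaa -> abc, aaa
    elif "@" in raw:
        user, _, realm = raw.rpartition("@")   # aaa@domain.com -> aaa, domain.com
    else:
        return Identity(raw, None, False)      # bare user name, nothing to strip

    if not user or realm.lower() not in known_realms:
        # Empty user part or unknown realm: keep the full string as sent.
        return Identity(raw, realm or None, False)
    return Identity(user, realm.lower(), True)


if __name__ == "__main__":
    for name in ("abc\\aaa", "aaa@domain.com", "aaa", "other\\aaa"):
        print(f"{name!r:20} -> {split_identity(name)}")
```

Logging both the original and the stripped name on the server side makes it easier to see which form the client actually sent when a request goes unanswered.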