
WLC 4402 RADIUS Authentication with IAS

keynet
Level 1

Hello

I configured a WLAN with PEAP (CHAP v2) and RADIUS authentication to a Win 2003 IAS RADIUS server.

On the controller 4402 the layer 2 security is set to WPA1+WPA2 with 802.1x authentication.

The IAS server doesn't use the configured policy when an authentication request arrives.

Is there an issue with special RADIUS attributes or configuration items on the IAS server?

The following event appears in the Windows logs:

User STANS\kaesmr was denied access.

Fully-Qualified-User-Name = STANS\kaesmr

NAS-IP-Address = 172.17.25.6

NAS-Identifier = keynet-01

Called-Station-Identifier = 00-18-74-FB-CA-20:keynet

Calling-Station-Identifier = 00-16-CE-52-C8-EB

Client-Friendly-Name = Wireless-Controller

Client-IP-Address = 172.17.25.6

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 1

Proxy-Policy-Name = Windows-Authentifizierung für alle Benutzer verwenden

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = <undetermined>

Authentication-Type = Extension

EAP-Type = <undetermined>

Reason-Code = 21

Reason = The request was rejected by a third-party extension DLL file.

1 Reply

Not applicable

What I understand from your post is that the authentication is not handled by your IAS server. If I am correct, the problem might be with the "Allow AAA override" option disabled in your WLAN. If it is enabled, then the AAA server or your IAS server will override the security parameters set locally on the controller.

So, first ensure whether "Allow AAA override" is enabled under Controller--->WLAN field.

Also, check out the logs of the IAS server for obtaining more info on this.
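
As a way to follow the advice above about checking the IAS logs, this added example (not part of the original thread, and not Cisco or Microsoft tooling) parses an IAS event description in the "Name = Value" layout shown in the question and reports the reason code plus every field the server logged as `<undetermined>`. The sample event is constructed, and the function and key names are hypothetical.

```python
import re

# Constructed sample in the same "Name = Value" layout as the event in the question.
SAMPLE_EVENT = """\
User EXAMPLE\\user1 was denied access.
Fully-Qualified-User-Name = EXAMPLE\\user1
NAS-Port-Type = Wireless - IEEE 802.11
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = Extension
EAP-Type = <undetermined>
Reason-Code = 21
Reason = The request was rejected by a third-party extension DLL file.
"""

# A field line is a name without spaces, then " = ", then the value (which may contain " - ").
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s=\s(.*?)\s*$")

def parse_ias_event(text):
    """Return (summary_line, fields) from an IAS event description."""
    summary, fields = None, {}
    for line in text.splitlines():
        if not line.strip():
            continue  # pasted events often have blank lines between fields
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
        elif summary is None:
            summary = line.strip()  # first non-field line, e.g. "User ... was denied access."
    return summary, fields

def triage(fields):
    """Summarise what the event records and which fields were never filled in."""
    undetermined = sorted(k for k, v in fields.items() if v == "<undetermined>")
    code = fields.get("Reason-Code")
    return {
        "reason_code": int(code) if code and code.isdigit() else None,
        "reason": fields.get("Reason"),
        "undetermined": undetermined,
        "policy_name_logged": fields.get("Policy-Name") not in (None, "<undetermined>"),
        "eap_type_logged": fields.get("EAP-Type") not in (None, "<undetermined>"),
    }

if __name__ == "__main__":
    print(triage(parse_ias_event(SAMPLE_EVENT)[1]))
```
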
