Hi,
I'm having trouble setting up an AP541N cluster with Windows 2008R2 NPS as radius server which is a member server in AD. The problem is the EAP type since I keep getting this error message: "The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server."
The actual eventlog says:
....
- EventData
SubjectUserSid S-1-0-0
SubjectUserName xxxxxx
SubjectDomainName XXXXXXXX
FullyQualifiedSubjectUserName XXXXXXXX\xxxxxxxx
SubjectMachineSID S-1-0-0
SubjectMachineName -
FullyQualifiedSubjectMachineName -
MachineInventory -
CalledStationID 00-21-29-06-EB-60:apams
CallingStationID 48-5D-60-00-06-7B
NASIPv4Address 10.65.0.57
NASIPv6Address -
NASIdentifier -
NASPortType Wireless - IEEE 802.11
NASPort 0
ClientName apams2
ClientIPAddress 10.65.0.57
ProxyPolicyName Use Windows authentication for all users
NetworkPolicyName -
AuthenticationProvider Windows
AuthenticationServer xxxxxxx.xxxxxxxx.xxxxxxxx
AuthenticationType -
EAPType -
AccountSessionIdentifier -
ReasonCode 22
Reason The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
I tried all the different settings but the error persists.
Below a sample from a sniffer dump.
Frame: Number = 28, Captured Frame Length = 199, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-50-56-BF-5A-1A],SourceAddress:[00-0F-90-53-9A-5F]
+ Ipv4: Src = 10.65.0.57, Dest = 10.64.2.25, Next Protocol = UDP, Packet ID = 60685, Total IP Length = 185
+ Udp: SrcPort = 32771, DstPort = 1812, Length = 165
- Radius: Access Request, Id = 0, Length = 157
MessageType: Access Request, 1(0x01)
Identifier: 0 (0x0)
AllLength: 157 (0x9D)
Authenticator: 4D 4F D9 41 20 B4 4E 12 07 A8 38 25 48 22 C6 15
- AttributeUserName: xxxxxxxx
Type: User Name, 1(0x1)
Length: 10 (0xA)
UserName: xxxxxxxx
- AttributeNasIPAddress: 10.65.0.57
Type: NAS IP Address, 4(0x4)
Length: 6 (0x6)
NasIPAddress: 10.65.0.57
- AttributeNasPort: 0
Type: NAS Port, 5(0x5)
Length: 6 (0x6)
NasPort: 0 (0x0)
- AttributeCalledStationID: 00-21-29-06-EB-60:apams
Type: Called Station Id, 30(0x1e)
Length: 28 (0x1C)
CalledStationID: 00-21-29-06-EB-60:apams
- AttributeStationID: 48-5D-60-00-06-7B
Type: Calling Station Id, 31(0x1f)
Length: 19 (0x13)
CallingStationID: 48-5D-60-00-06-7B
- AttributeFramedMTU: 1400
Type: Framed MTU, 12(0xc)
Length: 6 (0x6)
FramedMTU: 1400 (0x578)
- AttributeRadiusNASPortType: Wireless - IEEE 802.11, 19(0x13)
Type: NAS Port Type, 61(0x3d)
Length: 6 (0x6)
NASPortType: Wireless - IEEE 802.11, 19(0x13)
- AttributeConnectInfo:
Type: Connect Info, 77(0x4d)
Length: 23 (0x17)
ConnectInfo: Binary Large Object (21 Bytes)
- AttributeEAPMessage:
Type: EAP Message, 79(0x4f)
Length: 15 (0xF)
- AttributeMessageAuthenticator:
Type: Message Authenticator, 80(0x50)
Length: 18 (0x12)
MessageAuthenticator: Binary Large Object (16 Bytes)
- EAPMessage: Response, Type = Identity
Code: Response, 2(0x2)
Identifier: 0 (0x0)
Length: 13 bytes
Type: Identity, 1(0x1)
IdentityData: xxxxxxxx
The AP541N does have all the default settings. Basically WPA2 Enterprise with fast reconnect.
Microsoft NPS has a self signed certificate. I have tried EAP-MSCHAP v2 and Microsoft EAP (PEAP) with the certificate selected but with no result.
I have read the different posts here and I see that it should work. Maybe someone is so kind to post the configs used for the AP541N and NPS.
Thanks for any reaction.