z***@gmail.com
2009-02-13 11:12:42 UTC
Hi to everyone in this group. I have a problem and haven' find any
solution to it yet. It would be nice if someone could help me out:
I set up a domain controller (Windows Server 2008), and installed
DHCP, NPS (before known as IAS), AD certificate services and created
my own enterprise root certificate, let's call it ExampleCA. I
registered NPS in AD, and configured 802.1x settings for wireless
connection using wizzard. In network policy, I allowed access to
everyone in newly created WirelessAccess group. I added a computer
named Client1 to this group and newly created user WirelessUser to the
same group. As a RADIUS client, I added a Planet AP.
After that, I set up Client 1 machine (first I used wired connection
to add the computer to the domain I named auth.com, and then logged on
as ***@auth.com....Then in Preffered networks, I added the
network I configured on acces point, using open authentication and wep
encryption...In 802.1x settings I selected PEAP MSCHAPv2, selected
Validate server certificate (I found it on the list - ExampleCA), and
unselected Authenticate as computer when computer information is
available, as well as Authenticate as guest....I also unselected Use
my windows logon...in MSCHAPv2 settings.
Now here is the problem: when I try to authenticate (user
authentication), it NEVER asks me to enter user credentials and there
are never traces of user authentication in log files. And when I
select Authenticate as computer when computer information is
available, authentication succeeds, but in log files there are only
traces of computer authentication, like this:
"AUTHSERVER","IAS",02/11/2009,00:01:25,1,"host/Client1.auth.com","AUTH
\CLIENT1$","00304f4c776e","00304f4e3def",,,"Realtek Access Point.
8181","192.168.0.1",0,0,"192.168.0.1","PLANET",,,19,"CONNECT 11Mbps
802.11b",,2,11,"Secure Wireless Connections",0,"311 1
fe80::9c11:ced0:97f:4d11 02/10/2009 22:33:37 46",,,,"Microsoft:
Secured password (EAP-MSCHAP v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"AUTHSERVER","IAS",02/11/2009,00:01:25,2,,"AUTH\CLIENT1$",,,,,,,,
0,"192.168.0.1","PLANET",,,,,1,2,11,"Secure Wireless Connections",
0,"311 1 fe80::9c11:ced0:97f:4d11 02/10/2009 22:33:37
46",,,,"Microsoft: Secured password (EAP-MSCHAP
v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,"0x0141555448",,,"Use Windows
authentication for all users",1,,,,
Does anyone have a clue what went wrong. In network policy it is said
that every computer or user that is a memeber of WirelessAccess can
access network, if the configuration of the auth method is properly
configured....
Also I have a question:
Is it possible that problem is with the certificate (I assumed that,
if the certificate is shown in the field while i configured wireless
client, it is also present in the user certificate store)? Do I have
to do something else with the certificate (via the mmc console) or i
set it up right?
solution to it yet. It would be nice if someone could help me out:
I set up a domain controller (Windows Server 2008), and installed
DHCP, NPS (before known as IAS), AD certificate services and created
my own enterprise root certificate, let's call it ExampleCA. I
registered NPS in AD, and configured 802.1x settings for wireless
connection using wizzard. In network policy, I allowed access to
everyone in newly created WirelessAccess group. I added a computer
named Client1 to this group and newly created user WirelessUser to the
same group. As a RADIUS client, I added a Planet AP.
After that, I set up Client 1 machine (first I used wired connection
to add the computer to the domain I named auth.com, and then logged on
as ***@auth.com....Then in Preffered networks, I added the
network I configured on acces point, using open authentication and wep
encryption...In 802.1x settings I selected PEAP MSCHAPv2, selected
Validate server certificate (I found it on the list - ExampleCA), and
unselected Authenticate as computer when computer information is
available, as well as Authenticate as guest....I also unselected Use
my windows logon...in MSCHAPv2 settings.
Now here is the problem: when I try to authenticate (user
authentication), it NEVER asks me to enter user credentials and there
are never traces of user authentication in log files. And when I
select Authenticate as computer when computer information is
available, authentication succeeds, but in log files there are only
traces of computer authentication, like this:
"AUTHSERVER","IAS",02/11/2009,00:01:25,1,"host/Client1.auth.com","AUTH
\CLIENT1$","00304f4c776e","00304f4e3def",,,"Realtek Access Point.
8181","192.168.0.1",0,0,"192.168.0.1","PLANET",,,19,"CONNECT 11Mbps
802.11b",,2,11,"Secure Wireless Connections",0,"311 1
fe80::9c11:ced0:97f:4d11 02/10/2009 22:33:37 46",,,,"Microsoft:
Secured password (EAP-MSCHAP v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use
Windows authentication for all users",1,,,,
"AUTHSERVER","IAS",02/11/2009,00:01:25,2,,"AUTH\CLIENT1$",,,,,,,,
0,"192.168.0.1","PLANET",,,,,1,2,11,"Secure Wireless Connections",
0,"311 1 fe80::9c11:ced0:97f:4d11 02/10/2009 22:33:37
46",,,,"Microsoft: Secured password (EAP-MSCHAP
v2)",,,,,,,,,,,,,,,,,,,,,,,,,,,"0x0141555448",,,"Use Windows
authentication for all users",1,,,,
Does anyone have a clue what went wrong. In network policy it is said
that every computer or user that is a memeber of WirelessAccess can
access network, if the configuration of the auth method is properly
configured....
Also I have a question:
Is it possible that problem is with the certificate (I assumed that,
if the certificate is shown in the field while i configured wireless
client, it is also present in the user certificate store)? Do I have
to do something else with the certificate (via the mmc console) or i
set it up right?