Michael chen
2008-08-22 02:44:00 UTC
i have installed IAS Server on Windows 2003 r2 standard for d-link des-1228
switches 802.1x wired authentication .I want to perform MD5-Challege for AD
user rather than PEAP.Our AD is windows 2003.clients are wxp sp2 or later.
I puzzled why NAS-PORT-TYPE IN Policy conditions was Ethernet,but ias log
shows Wireless - IEEE 802.11 ?
Here is the Policy conditions:
NAS-Port-Type matches "Ethernet"AND Windows-Groups matches "ASIA\#CN - WUJ
Radius"
the following is ias log detail:
The line logged into the file:
NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Record-Date : 08/21/2008
Record-Time : 14:38:59
Service-Name : IAS
Computer-Name : WUJNT009
NAS-IP-Address : 10.200.224.47
NAS-Port : 0
Called-Station-Id : 00-1C-F0-BD-C2-95
Calling-Station-Id : 00-03-25-58-80-10
Framed-MTU : 1300
NAS-Port-Type : Wireless - IEEE 802.11
Connect-Info : CONNECT 10/100Mbps
Client-IP-Address : 10.200.224.47
Client-Vendor : RADIUS Standard
Client-Friendly-Name: 2F HP LAB 224.47
Provider-Type : Windows
Proxy-Policy-Name : Use Windows authentication for all users
Class : 311 1 10.200.224.16 08/15/2008 07:22:12 10
SAM-Account-Name : ASIA\radius
Fully-Qualifed-User-Name: ASIA\radius
Authentication-Type : EAP
Packet-Type : Access-Request
Reason-Code : The operation completed successfully.
NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Record-Date : 08/21/2008
Record-Time : 14:38:59
Service-Name : IAS
Computer-Name : WUJNT009
Class : 311 1 10.200.224.16 08/15/2008 07:22:12 10
Authentication-Type : EAP
Fully-Qualifed-User-Name: ASIA\radius
SAM-Account-Name : ASIA\radius
Proxy-Policy-Name : Use Windows authentication for all users
Provider-Type : Windows
Client-Friendly-Name: 2F HP LAB 224.47
Client-Vendor : RADIUS Standard
Client-IP-Address : 10.200.224.47
Packet-Type : Access-Reject
Reason-Code : The connection attempt did not match any remote
access policy.
switches 802.1x wired authentication .I want to perform MD5-Challege for AD
user rather than PEAP.Our AD is windows 2003.clients are wxp sp2 or later.
I puzzled why NAS-PORT-TYPE IN Policy conditions was Ethernet,but ias log
shows Wireless - IEEE 802.11 ?
Here is the Policy conditions:
NAS-Port-Type matches "Ethernet"AND Windows-Groups matches "ASIA\#CN - WUJ
Radius"
the following is ias log detail:
The line logged into the file:
NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Record-Date : 08/21/2008
Record-Time : 14:38:59
Service-Name : IAS
Computer-Name : WUJNT009
NAS-IP-Address : 10.200.224.47
NAS-Port : 0
Called-Station-Id : 00-1C-F0-BD-C2-95
Calling-Station-Id : 00-03-25-58-80-10
Framed-MTU : 1300
NAS-Port-Type : Wireless - IEEE 802.11
Connect-Info : CONNECT 10/100Mbps
Client-IP-Address : 10.200.224.47
Client-Vendor : RADIUS Standard
Client-Friendly-Name: 2F HP LAB 224.47
Provider-Type : Windows
Proxy-Policy-Name : Use Windows authentication for all users
Class : 311 1 10.200.224.16 08/15/2008 07:22:12 10
SAM-Account-Name : ASIA\radius
Fully-Qualifed-User-Name: ASIA\radius
Authentication-Type : EAP
Packet-Type : Access-Request
Reason-Code : The operation completed successfully.
NAS-IP-Address : 10.200.224.47
User-Name : ASIA\radius
Record-Date : 08/21/2008
Record-Time : 14:38:59
Service-Name : IAS
Computer-Name : WUJNT009
Class : 311 1 10.200.224.16 08/15/2008 07:22:12 10
Authentication-Type : EAP
Fully-Qualifed-User-Name: ASIA\radius
SAM-Account-Name : ASIA\radius
Proxy-Policy-Name : Use Windows authentication for all users
Provider-Type : Windows
Client-Friendly-Name: 2F HP LAB 224.47
Client-Vendor : RADIUS Standard
Client-IP-Address : 10.200.224.47
Packet-Type : Access-Reject
Reason-Code : The connection attempt did not match any remote
access policy.