Configure 1200 for Radius

Unanswered Question
Mar 14th, 2007

Hello all! I am trying to configure the 1200 AP for RADIUS auth to an IAS 2003 server. According to the event viewer, it says that the AP is trying to log in as domainname/Guest. How do I correctly configure the AP to auth to the RADIUS server?

dancampb Sat, 03/17/2007 - 08:42

You are not going to be able to configure the AP to strip the domain name. This is set by the client. Depending on the supplicant you are using you might be able to configure it to not include the domain name.

jeromehenry_2 Mon, 03/19/2007 - 03:51

Did you set up your IAS client? Typically, your AP will be known to the IAS as a client, using its IP address and a shared secret.

Then on the AP, you would identify the IAS as the RADIUS server, and mention the same shared secret.

Is it what you did?

Kind regards

Jerome

carnold5@gmail.com Mon, 03/19/2007 - 06:43

Yes, that is what I did, and when I look at the server event logs, it gives the AP IP address and says "Guest" from the domain is trying to log in. On the PC, I enter the username and password and domain name, so I am not sure why it says "Guest" is trying to log in. I can post the config file, I think, if you like?

jeromehenry_2 Mon, 03/19/2007 - 14:42

Sorry, but I still don't really get your point when you talk about "PC" and guest.

The AP is known on the IAS as a client, so the AP is not authenticated. You should see the AP act as a relay, but it is not the one that should be authenticated.

It would be interesting to see your AP config, but also a screenshot of your IAS client config and policy config... do you think you could post these?

Tx

J
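The relay role discussed in this thread is visible in the RADIUS packet itself. The following Python example is added here and is not part of any post: it builds a constructed Access-Request and parses it, showing that User-Name is copied from the supplicant's EAP identity, that NAS-IP-Address identifies the AP, and that Message-Authenticator only validates when both sides hold the same shared secret. The secret, addresses and identity are constructed sample values.

```python
import hashlib, hmac, ipaddress, os, struct

USER_NAME, NAS_IP, EAP_MESSAGE, MSG_AUTH = 1, 4, 79, 80  # RFC 2865 / RFC 3579 types

def build_access_request(secret, nas_ip, identity):
    """Constructed Access-Request, shaped like what an AP (the NAS) relays for EAP."""
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity  # EAP-Response/Identity
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in [
        (USER_NAME, identity),                            # comes from the supplicant
        (NAS_IP, ipaddress.IPv4Address(nas_ip).packed),   # the AP's own address
        (EAP_MESSAGE, eap),
        (MSG_AUTH, bytes(16)),                            # zeroed until signed
    ])
    pkt = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + os.urandom(16) + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()     # keyed with the shared secret
    return pkt[:-16] + mac                                # Message-Authenticator is last

def parse_access_request(pkt, secret):
    """Return who the request claims to be, which NAS sent it, and if the secret matches."""
    if len(pkt) < 20 or pkt[0] != 1 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("not a well-formed Access-Request")
    out = {"user_name": None, "nas_ip": None, "secret_ok": False}
    zeroed, pos, mac = bytearray(pkt), 20, None
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            raise ValueError("bad attribute length")
        atype, alen, value = pkt[pos], pkt[pos + 1], pkt[pos + 2:pos + pkt[pos + 1]]
        if atype == USER_NAME:
            out["user_name"] = value.decode("utf-8", "replace")
        elif atype == NAS_IP and len(value) == 4:
            out["nas_ip"] = str(ipaddress.IPv4Address(value))
        elif atype == MSG_AUTH and len(value) == 16:
            mac = value
            zeroed[pos + 2:pos + alen] = bytes(16)        # HMAC is computed over zeros here
        pos += alen
    if mac is not None:
        expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
        out["secret_ok"] = hmac.compare_digest(mac, expected)
    return out

if __name__ == "__main__":
    pkt = build_access_request(b"constructed-secret", "10.0.0.5", b"EXAMPLE\\alice")
    print(parse_access_request(pkt, b"constructed-secret"))
```
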

jeromehenry_2 Tue, 03/20/2007 - 02:26

Hi,

Got it, thanks.

AP config seems to be fine.

On IAS, the reason why the user is the AP is that you do not set a condition by which the user should be identified as belonging to a certain Windows group, so as the client is not identified, only the AP is seen.

What I don't clearly get is the criteria you try to set as condition; could you explain them please? From what I see, you use virtual, which is typically something I use to authenticate ssh sessions, and ^311$, which says to process Access-Request messages sent by RADIUS clients that are computers running the Microsoft Routing and Remote Access service... a bit confusing for me... so can you explain what condition you try to set?

Oh BTW, in your client config, the client vendor should be Cisco and not RADIUS standard...

J

carnold5@gmail.com Tue, 03/20/2007 - 10:48

That's good to know that the AP config looks fine. I see what you are saying about the IAS policy, but I have left the IAS config "default" (as it is when I installed it). We have a Juniper firewall that worked with the IAS default config, so I thought the AP would too. Also, I used "user" instead of group in this policy and I am trying to use EAP/PEAP. So, I did make another IAS policy for "wireless", and in that policy it does not have "virtual" or ^311$. I will now test this and report back. Thanks for all your help and patience!

carnold5@gmail.com Tue, 03/20/2007 - 12:18

OK, tested with my IAS policy and still get the same error. I have placed some new files at the same address, but the filename is APpolicy.zip. I still don't think the AP is configured right for RADIUS.
