Microsoft IAS PEAP & WPA/TKIP

Unanswered Question
Nov 8th, 2007
User Badges:

I am trying to get the AP's that I manage to authenticate users against our Active Directory using Microsoft IAS. I have a combination of AP1231G and AP1131G units which have been configured to authenticate against the IAS server, but my auths are failing. The basics of the Configs are as follows:


AP's

aaa group server radius rad_eap

server 10.X.X.X auth-port 1812 acct-port 1813

dot11 ssid test

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa

radius-server attribute 32 include-in-access-req format %h

radius-server host 10.3.24.16 auth-port 1812 acct-port 1813

radius-server vsa send accounting


The IAS is configured for PEAP/MS-CHAPv2


Ant thoughts on why my Auths are failing?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
andrew.brazier@... Fri, 11/09/2007 - 06:39
User Badges:
  • Bronze, 100 points or more

Could be all sorts of things : ) What errors are there in the AP logs? In the EV on the server running IAS? How is your certificate configured and deployed?


A really good tool for configuring this setup on a Windows network is the Microsoft WLAN-PEAP Toolkit available from here:


http://go.microsoft.com/fwlink/?linkid=23481


It's got some very good scripts which do almost all the configuration you need for IAS, Cert Authority, etc, etc and some very good documentation on setting it all up and configuring it.

tpelley Fri, 11/09/2007 - 06:47
User Badges:

Thanks, Some really helpful info here. I tracked the problem down to a Remote Access Policy that was just a bit too narrow in scope and corrected the issue. Everything is working now.


Thanks for the info.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode