802.1x Profile Issue

Unanswered Question
Oct 17th, 2008

we are using 802.1x Peap mschap v2.

Whenever our users log into their computers they can't use the wireless. It prompts for username/password and domain and typing it in won't work, it just keeps asking

but when i ahev them sign into the domain in the wired network and then try, they can login just fine

could there be an issue where the domain controller doesn't have a profile created?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Fri, 10/17/2008 - 18:10

What does the radius server log show. Also, what error do you see on the WLC?

thompso7540 Mon, 10/20/2008 - 09:36

So they are logging in with laptops not on the domain, and it prompt that local user/pass checkbox

is that a problem if we are doing radius into ldap?

Like they have a domain account but are not on a laptop on the domain

Scott Fella Mon, 10/20/2008 - 17:07

The prompt is specified when you create the profile on the machine. You can either have the user get prompt for login, save a username and password or use the cache credentials. You need to look at the errors in radius and in the wlc. One will have enough info to say what went wrong during the authentication process.

thompso7540 Mon, 10/20/2008 - 17:19

Here are the debugs from teh wlc. when i uncheck peap - don't automatically use windows login with windows wireless zero; it lets me type in the domain name and i am able to get it to work

Scott Fella Mon, 10/20/2008 - 17:25

So it works when you type the domain\username and then the password. Have you tried to uncheck the "Authenticate as computer when computer information is available"? I do think you need to specify the domain though.

thompso7540 Mon, 10/20/2008 - 17:37

the acs says this

EAP-TLS or PEAP authentication failed during SSL handshake

Scott Fella Mon, 10/20/2008 - 17:44

Make sure you uncheck "Validate Server Certificate", unless you add the CA to the trusted certificate store.


This Discussion



Trending Topics - Security & Network