802.1x Profile Issue

Unanswered Question
Oct 17th, 2008

We are using 802.1x PEAP MSCHAPv2.

Whenever our users log into their computers they can't use the wireless. It prompts for username/password and domain, and typing it in won't work; it just keeps asking.

But when I have them sign into the domain on the wired network and then try, they can log in just fine.

Could there be an issue where the domain controller doesn't have a profile created?

Scott Fella Fri, 10/17/2008 - 18:10

What does the RADIUS server log show? Also, what error do you see on the WLC?

thompso7540 Mon, 10/20/2008 - 09:36

So they are logging in with laptops not on the domain, and it prompts that local user/pass checkbox.

Is that a problem if we are doing RADIUS into LDAP?

Like they have a domain account but are not on a laptop on the domain.

Scott Fella Mon, 10/20/2008 - 17:07

The prompt is specified when you create the profile on the machine. You can either have the user get prompted for login, save a username and password, or use the cached credentials. You need to look at the errors in RADIUS and in the WLC. One will have enough info to say what went wrong during the authentication process.

thompso7540 Mon, 10/20/2008 - 17:19

Here are the debugs from the WLC. When I uncheck PEAP - don't automatically use Windows login with Windows Wireless Zero, it lets me type in the domain name and I am able to get it to work.



Scott Fella Mon, 10/20/2008 - 17:25

So it works when you type the domain\username and then the password. Have you tried to uncheck the "Authenticate as computer when computer information is available"? I do think you need to specify the domain though.

thompso7540 Mon, 10/20/2008 - 17:37

The ACS says this:


EAP-TLS or PEAP authentication failed during SSL handshake


Scott Fella Mon, 10/20/2008 - 17:44

Make sure you uncheck "Validate Server Certificate", unless you add the CA to the trusted certificate store.
