WPA with ACS 4.2 not working

Unanswered Question
Nov 4th, 2008

I currently have 70+ AP in system, no controller and use no encryption. I want to move towards WPA or peap with the ACS as my AAA and I use microsoft AD and LDAP for user authenication. For test purposes I am using a self sign cert in the ACS. I have tha APs configured for open auth EAP, TKIP, Network EAP, keymanagement mandentory and WPA.

I have the dell wireless client set up for WPA-enterprise, PEAP and MS-Chap v2.

I constant recive the following error in the ACS External DB reports about an error condition and after several attempts Authen session timed out: Challenge not provided by client.

Scratching my head, and a little dazed and confused.

Can someone tell me what I am missing, or messed up. I have been working on this for 8 days.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
michael.m.williams Wed, 11/05/2008 - 10:01

Thank for the doc, but i still couldn't get it to work here is a copy of the debug dot11 aa authenicator all.

i keep getting a authentication fail

I ran a

ITSTESTAP#test aaa group radius mike xxxxxxx legacy

Attempting authentication test to server-group radius using radius

User was successfully authenticated.

And it works. I configed Ap to use WEP open authenication, but still get a fail


Scott Fella Wed, 11/05/2008 - 12:02

What do you mean you configured the AP for WEP and it failed? You mean that you setup WEP encryption on that AP and a user configured for WEP failed?

michael.m.williams Wed, 11/05/2008 - 13:23


I used the Doc you sent me and started over from stracth in my AP config So I configed it for WEP encrption (open EAP, network EAP, wep key mandantory encryption key 2 (no key).

I then configed my client for peap ms-chap-2 and try to authenicate to LDAp and it failed.

After creating local user I can authicate. Getting closer.

But i can't auhtenicate with LDAP or AD account. When I do a test aaa group radius domain\username password legacy it gives me user succeffully authenicated. Any ideas?


Scott Fella Wed, 11/05/2008 - 13:25

Well your radius server is the one passign the credentials... what shows up in the radius logs.

Your encryption is WPA2/AES PEAP/MSChapv2 correct?

michael.m.williams Wed, 11/05/2008 - 14:11

In the ACS under the failed atempts report tab I have "authenication type not support by external db"

michael.m.williams Thu, 11/06/2008 - 06:52

I have a remote agent installed on one of my domain machine and configured generic LDAP and also windows dats as my external databases, I want to use WPA as my encryption. What changes ti I need make or can i make then to use the two external database and no client cert to make this work?



This Discussion



Trending Topics - Security & Network