Wireless EAP getting auth OK but not auth'ing

Unanswered Question
Apr 3rd, 2010

Hi Everyone,

Hoping someone can point me in the right direction here. I have a user on my wireless LAN, which is 802.1x EAP authenticated via my domain controller (Fruityloops / 192.168.0.4). My AP is 192.168.0.2 and, for the record, <<001c.bfa9.f53e>> is the MAC of the end user (STN).

From reading snippet 1, it gets "Received from 192.168.0.4 Access-Accept" but it never lets the user authenticate.

Could someone tell me what I'm doing wrong? I want this one single MAC on full bypass authentication, which is why it has a proxy-policy-name with that MAC as the client calling-station-identifier, so it doesn't try to auth, as it's my dad's work laptop and his work uses another domain name, which causes clashes.

Thanks.

<<< Snippet from AP's terminal monitor >>>
*Apr  3 13:18:00.841: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 0013.e8b3.5361 Associated KEY_MGMT[NONE]
*Apr  3 13:18:00.844: RADIUS/ENCODE(0000000A):Orig. component type = DOT11
*Apr  3 13:18:00.844: RADIUS(0000000A): Using existing nas_port 263
*Apr  3 13:18:00.844: RADIUS(0000000A): Config NAS IP: 192.168.0.2
*Apr  3 13:18:00.844: RADIUS(0000000A): Send Accounting-Request to 192.168.0.4:1813 id 1646/1, len 259
*Apr  3 13:18:00.850: RADIUS: Received from id 1646/1 192.168.0.4:1813, Accounting-response, len 20
*Apr  3 13:21:49.614: RADIUS/ENCODE(0000000B):Orig. component type = DOT11
*Apr  3 13:21:49.614: RADIUS(0000000B): Storing nasport 264 in rad_db
*Apr  3 13:21:49.614: RADIUS(0000000B): Config NAS IP: 192.168.0.2
*Apr  3 13:21:49.614: RADIUS(0000000B): Config NAS IP: 192.168.0.2
*Apr  3 13:21:49.614: RADIUS(0000000B): Send Access-Request to 192.168.0.4:1812 id 1645/16, len 113
*Apr  3 13:21:49.629: RADIUS: Received from id 1645/16 192.168.0.4:1812, Access-Accept, len 52
*Apr  3 13:21:49.630: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 001c.bfa9.f53e Associated KEY_MGMT[NONE]
*Apr  3 13:24:45.851: %DOT11-7-AUTH_FAILED: Station 001c.bfa9.f53e Authentication failed
*Apr  3 13:25:29.026: %DOT11-7-AUTH_FAILED: Station 001c.bfa9.f53e Authentication failed


<<Snippet from IAS System Log>>
Type: Info
ID: 1

User  was granted access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 192.168.0.2
NAS-Identifier = ap
Client-Friendly-Name = CiscoAP1
Client-IP-Address = 192.168.0.2
Calling-Station-Identifier = 001c.bfa9.f53e
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 264
Proxy-Policy-Name = PaulWifi
Authentication-Provider = <none>
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>
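
Added example, not part of the original post: a small Python check for IAS entries in the layout shown above that reports access grants where Authentication-Provider, Authentication-Type and EAP-Type are all unset, as they are in this entry. The function names and the embedded sample (values copied from the post) are constructed for illustration.

```python
import re

# Constructed sample: the IAS entry layout from the post, values copied from it.
SAMPLE = """\
Type: Info
ID: 1

User  was granted access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 192.168.0.2
Calling-Station-Identifier = 001c.bfa9.f53e
NAS-Port-Type = Wireless - IEEE 802.11
Proxy-Policy-Name = PaulWifi
Authentication-Provider = <none>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>
"""

UNSET = {"<undetermined>", "<none>", ""}
AUTH_FIELDS = ("Authentication-Provider", "Authentication-Type", "EAP-Type")


def parse_ias_entry(text):
    """Return (granted, attrs) for one IAS event in 'Name = value' layout."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z-]+)\s*=\s*(.*?)\s*$", line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return "was granted access" in text, attrs


def unauthenticated_grant(text):
    """Describe a grant with no authentication method recorded, else None."""
    granted, attrs = parse_ias_entry(text)
    if not granted:
        return None
    # Any populated auth field means some method was recorded for this grant.
    if any(attrs.get(f, "") not in UNSET for f in AUTH_FIELDS):
        return None
    return {
        "station": attrs.get("Calling-Station-Identifier"),
        "nas": attrs.get("NAS-IP-Address"),
        "policy": attrs.get("Proxy-Policy-Name"),
    }


if __name__ == "__main__":
    print(unauthenticated_grant(SAMPLE))
```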
