×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

WDS authentication to Microsoft IAS

Unanswered Question
Nov 22nd, 2005
User Badges:

Hi All

I have just set up a EAP-TLS WPA2 wireless LAN for a client and all works fine, authticating users to IAS.


However I am trying to now setup WDS and am finding that the APs are not authticating nor is the WDS AP.


I have set this up many times with an ACS server and have never had issues. The documentation indicates that the WDS authentication is via LEAP so is that why it is not working?


Not being that familiar with IAS can it support LEAP authentications?


My Plan today is to set an AP up as a local raduis and send Infrustucture authentications to it but still send user authtications to the IAS.


Any advice would be appreciated.

Regards

Colin

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
scottmac Wed, 11/23/2005 - 06:21
User Badges:
  • Green, 3000 points or more

Microsoft IAS does not support LEAP or EAP-FAST.


The local RADIUS server in the AP does, but you are limited to 50 usernames, 50 NAS, or any combination adding up to 50.


IAS does support EAP-TLS and PEAP (with MS-CHAPv2).


Good Luck


Scott


djoconnor Fri, 11/25/2005 - 22:17
User Badges:

Firstly dont worry, the combination you have above does work - there will be a config problem somewhere.


What does the IAS log in the Windows event log (System, source = IAS) say?. If there is no entry then check that the root certificate and clocks are set correctly on the clients.



Have a quick look at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/60fa5de5-58a0-4673-be1e-dd24fb1014a4.mspx




rolltidega72 Fri, 12/09/2005 - 07:04
User Badges:

I have a very similar configuration that is not working with IAS. I have PEAP setup using MS-CHAPv2, but when the access point sends the credentials to the IAS server, it is coming in as CHAP and not MS-CHAPv2! I get an access denied from IAS stating invalid username or password and a failed login in the security log saying that the user cannot log on to this computer. My user account is valid and works already. Any ideas?

gtwhaley Mon, 11/28/2005 - 16:34
User Badges:

Could be a few different things. What is the client? If it is the Intel 2200 chipset getting the correct driver is key. Make sure the client config section that says "verify server certificate" is NOT checked. Hope this helps.

g


Thanks, yes the client is a Intel 2200 and other brands. I have advanced, I´d had problem with the certificates, now I use PEAP authentication and WPA/TKIP encryption, but when I want to use WPA/AES to encryption, the Access Point console give me an error:

"Client (mac address) WPAIE not found and required"

What it this ????


Actions

This Discussion

 

 

Trending Topics - Security & Network