WDS authentication to Microsoft IAS

colin.lynch · ‎11-22-2005

Hi All

I have just set up a EAP-TLS WPA2 wireless LAN for a client and all works fine, authticating users to IAS.

However I am trying to now setup WDS and am finding that the APs are not authticating nor is the WDS AP.

I have set this up many times with an ACS server and have never had issues. The documentation indicates that the WDS authentication is via LEAP so is that why it is not working?

Not being that familiar with IAS can it support LEAP authentications?

My Plan today is to set an AP up as a local raduis and send Infrustucture authentications to it but still send user authtications to the IAS.

Any advice would be appreciated.

Regards

Colin

scottmac · ‎11-23-2005

Microsoft IAS does not support LEAP or EAP-FAST.

The local RADIUS server in the AP does, but you are limited to 50 usernames, 50 NAS, or any combination adding up to 50.

IAS does support EAP-TLS and PEAP (with MS-CHAPv2).

Good Luck

Scott

ggiusti · ‎11-23-2005

Hi, I have a problem with radius authentication, I'm using IAS server, PEAP (with MS-CHAPv2), AP1231G, Active directory and CA (certificates), my problem is when wireless client try to connect to de network, the IAS server reject the client.

Any people could help me ?

Guillermo.

djoconnor · ‎11-25-2005

Firstly dont worry, the combination you have above does work - there will be a config problem somewhere.

What does the IAS log in the Windows event log (System, source = IAS) say?. If there is no entry then check that the root certificate and clocks are set correctly on the clients.

Have a quick look at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/60fa5de5-58a0-4673-be1e-dd24fb1014a4.mspx

rolltidega72 · ‎12-09-2005

I have a very similar configuration that is not working with IAS. I have PEAP setup using MS-CHAPv2, but when the access point sends the credentials to the IAS server, it is coming in as CHAP and not MS-CHAPv2! I get an access denied from IAS stating invalid username or password and a failed login in the security log saying that the user cannot log on to this computer. My user account is valid and works already. Any ideas?

gtwhaley · ‎11-28-2005

Could be a few different things. What is the client? If it is the Intel 2200 chipset getting the correct driver is key. Make sure the client config section that says "verify server certificate" is NOT checked. Hope this helps.

g

ggiusti · ‎11-29-2005

Thanks, yes the client is a Intel 2200 and other brands. I have advanced, I´d had problem with the certificates, now I use PEAP authentication and WPA/TKIP encryption, but when I want to use WPA/AES to encryption, the Access Point console give me an error:

"Client (mac address) WPAIE not found and required"

What it this ????

ggiusti · ‎12-12-2005

I resolved my problem with a hotfix in windows XP, the hotfix is KB893357, this support WPAv2.

Guillermo.