Authentication Failed

adcorbett_2 · ‎05-18-2009

Hello. I have set up a 1130AG autonomou access point. My users are using Panasonic Toughbook touchpads. Most of my shops are working fine but one will not let users authenticate. I have them using RADIUS to a Windows 2003 server with WPA-TKIP. Whenever a user tries to log in, I see "Authentication Failed". The debug on the AP looks like this:

*Mar 1 00:05:25.406: dot11_auth_add_client_entry: Create new client 0013.e0ba.21a1 for application 0x1

*Mar 1 00:05:25.406: dot11_auth_initialize_client: 0013.e0ba.21a1 is added to the client list for application 0x1

*Mar 1 00:05:25.406: dot11_auth_add_client_entry: req->auth_type 0

*Mar 1 00:05:25.407: dot11_auth_add_client_entry: auth_methods_inprocess: 2

*Mar 1 00:05:25.407: dot11_auth_add_client_entry: eap list name: eap_methods

*Mar 1 00:05:25.407: dot11_run_auth_methods: Start auth method EAP or LEAP

*Mar 1 00:05:25.407: dot11_auth_send_msg: sending data to requestor status 1

*Mar 1 00:05:25.407: dot11_auth_send_msg: Sending EAPOL to requestor

*Mar 1 00:05:26.025: dot11_auth_send_msg: sending data to requestor status 1

*Mar 1 00:05:26.025: dot11_auth_send_msg: Sending EAPOL to requestor

*Mar 1 00:05:56.025: dot11_auth_send_msg: sending data to requestor status 0

*Mar 1 00:05:56.025: dot11_auth_send_msg: client FAILED to authenticate 0013.e0ba.21a1, node_type 64 for application 0x1

*Mar 1 00:05:56.025: dot11_auth_delete_client_entry: 0013.e0ba.21a1 is deleted for application 0x1

*Mar 1 00:05:56.025: %DOT11-7-AUTH_FAILED: Station 0013.e0ba.21a1 Authentication failed

On another note, I cannot get the date to stay correct. I set time and date and then after a reboot, it reverts back to March 1 2002.

Any ideas?

adcorbett_2 · ‎05-18-2009

Here is the config for the AP

Robert.N.Barrett_2 · ‎05-18-2009

What error is showing up in your IAS logs?

adcorbett_2 · ‎06-22-2009

Sorry this took so long - I have just enabled the IAS logs, so I will have to check those. Over the last month I have been tweaking and have it working here and there but it is NEVER consistant. This is the debug now when it fails:

Jun 22 17:33:28.014: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

Jun 22 17:33:28.015: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0013.e0ba.f038

Jun 22 17:33:28.015: dot11_auth_dot1x_send_id_req_to_client: Client 0013.e0ba.f038 timer started for 30 seconds

Jun 22 17:33:28.610: dot11_auth_parse_client_pak: Received EAPOL packet from 0013.e0ba.f038

Jun 22 17:33:28.610: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0013.e0ba.f038

Jun 22 17:33:28.610: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0013.e0ba.f038

Jun 22 17:33:28.611: dot11_auth_dot1x_send_id_req_to_client: Client 0013.e0ba.f038 timer started for 30 seconds

Jun 22 17:33:58.610: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 0013.e0ba.f038

Jun 22 17:33:58.610: dot11_auth_dot1x_send_client_fail: Authentication failed for 0013.e0ba.f038

Jun 22 17:33:58.611: %DOT11-7-AUTH_FAILED: Station 0013.e0ba.f038 Authentication failed

Jun 22 17:33:59.871: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

Jun 22 17:33:59.871: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0013.e0ba.f038

Jun 22 17:33:59.871: dot11_auth_dot1x_send_id_req_to_client: Client 0013.e0ba.f038 timer started for 30 seconds

Jun 22 17:34:01.511: dot11_auth_parse_client_pak: Received EAPOL packet from 0013.e0ba.f038

Jun 22 17:34:01.511: dot11_auth_parse_client_pak: id is not matching req-id:255resp-id:1, waiting for response

It looks like it is timing out. The Panasonic Toughbooks are running CE and are not joined to the domain. It associates with the WLAN ok, and brings up a username/password/domain login box. They put in thier credentials and that is when I get the above debug.

I will check the IAS logs and let you know about them. Thanks for any help on this it's driving me NUTS. Sometimes it works most of the time it doesn't.