I currently have 70+ AP in system, no controller and use no encryption. I want to move towards WPA or peap with the ACS as my AAA and I use microsoft AD and LDAP for user authenication. For test purposes I am using a self sign cert in the ACS. I have tha APs configured for open auth EAP, TKIP, Network EAP, keymanagement mandentory and WPA.
I have the dell wireless client set up for WPA-enterprise, PEAP and MS-Chap v2.
I constant recive the following error in the ACS External DB reports about an error condition and after several attempts Authen session timed out: Challenge not provided by client.
Scratching my head, and a little dazed and confused.
Can someone tell me what I am missing, or messed up. I have been working on this for 8 days.
Take a look at this doc:
Thank for the doc, but i still couldn't get it to work here is a copy of the debug dot11 aa authenicator all.
i keep getting a authentication fail
I ran a
ITSTESTAP#test aaa group radius mike xxxxxxx legacy
Attempting authentication test to server-group radius using radius
User was successfully authenticated.
And it works. I configed Ap to use WEP open authenication, but still get a fail
What do you mean you configured the AP for WEP and it failed? You mean that you setup WEP encryption on that AP and a user configured for WEP failed?
I used the Doc you sent me and started over from stracth in my AP config So I configed it for WEP encrption (open EAP, network EAP, wep key mandantory encryption key 2 (no key).
I then configed my client for peap ms-chap-2 and try to authenicate to LDAp and it failed.
After creating local user I can authicate. Getting closer.
But i can't auhtenicate with LDAP or AD account. When I do a test aaa group radius domain\username password legacy it gives me user succeffully authenicated. Any ideas?
Well your radius server is the one passign the credentials... what shows up in the radius logs.
Your encryption is WPA2/AES PEAP/MSChapv2 correct?
MSCHAPv2 is not supported on Generic LDAP on ACS if the LDAP server does not support clear-text username/password. And AD falls into this category.
I have a remote agent installed on one of my domain machine and configured generic LDAP and also windows dats as my external databases, I want to use WPA as my encryption. What changes ti I need make or can i make then to use the two external database and no client cert to make this work?