MS IAS and third party certificates

hrifa at safelayer.com hrifa at safelayer.com
Wed Feb 26 11:16:16 EST 2003


Hi everyone,

I try to configure a 802.1x wifi with EAP-TLS authentication. I'm using the
Microsoft IAS Radius Server and a WinXP client.
I have no problems when using certificates issued by my Microsoft CA, but
when I try to use a third party CA I can not connect to the network.
IAS error code is 16: "There was an authentication failure because of an
unknown user name
or a bad password" (I enclose the log at the end).
It seems ActiveDirectory can not authenticate the certificate, but I don't
know why. My third party CA certificate is trusted by the system.

Any useful information would be greatly appreciated.

Helena

The line logged into the file:
192.168.7.118,hrifa at wireless.safelayer.com,02/26/
2003,16:40:32,IAS,BONY,30,0040965432e8,31,000bbe262fed,32,AP350-5432e8,5,37,12,1
400,61,19,6,1,4108,192.168.7.118,4116,0,4128,CiscoAP,5000,ssid=1,25,311 1
192.16
8.7.105 02/26/2003 13:57:01
12,4129,WIRELESS\hrifa,4127,5,4130,wireless.safelaye
r.com/Users/Helena Rifa,4136,1,4142,0

 NAS-IP-Address      : 192.168.7.118
 User-Name           : hrifa at wireless.safelayer.com
 Record-Date         : 02/26/2003
 Record-Time         : 16:40:32
 Service-Name        : IAS
 Computer-Name       : BONY
 Called-Station-Id   : 0040965432e8
 Calling-Station-Id  : 000bbe262fed
 NAS-Identifier      : AP350-5432e8
 NAS-Port            : 37
 Framed-MTU          : 1400
 NAS-Port-Type       : 19
 Service-Type        : Login
 Client-IP-Address   : 192.168.7.118
 Client-Vendor       : Radius Standard
 Client-Friendly-Name: CiscoAP
 Cisco-AV-Pair       : ssid=1
 Class               : 311 1 192.168.7.105 02/26/2003 13:57:01 12
 SAM-Account-Name    : WIRELESS\hrifa
 Authentication-Type : EAP
 Fully-Qualifed-User-Name: wireless.safelayer.com/Users/Helena Rifa
 Packet-Type         : Access-Request
 Reason-Code         : La operaci¾n se ha completado correctamente.


The line logged into the file:
192.168.7.118,hrifa at wireless.safelayer.com,02/26/
2003,16:40:32,IAS,BONY,25,311 1 192.168.7.105 02/26/2003 13:57:01
12,4130,wirele
ss.safelayer.com/Users/Helena
Rifa,4149,EAP_TLS,4127,5,4129,WIRELESS\hrifa,4128,
CiscoAP,4116,0,4108,192.168.7.118,4136,3,4142,16

 NAS-IP-Address      : 192.168.7.118
 User-Name           : hrifa at wireless.safelayer.com
 Record-Date         : 02/26/2003
 Record-Time         : 16:40:32
 Service-Name        : IAS
 Computer-Name       : BONY
 Class               : 311 1 192.168.7.105 02/26/2003 13:57:01 12
 Fully-Qualifed-User-Name: wireless.safelayer.com/Users/Helena Rifa
 NP-Policy-Name      : EAP_TLS
 Authentication-Type : EAP
 SAM-Account-Name    : WIRELESS\hrifa
 Client-Friendly-Name: CiscoAP
 Client-Vendor       : Radius Standard
 Client-IP-Address   : 192.168.7.118
 Packet-Type         : Access-Reject
 Reason-Code         : Hubo un error de autenticaci¾n debido a un nombre de
usua
rio desconocido o a una contrase±a err¾nea.




More information about the HostAP mailing list