4isteam
asked on
Wireless with Radius Authentication
I have a 3Com access point set up with RADIUS 802.1x authentication. The access point log files show authentication as successful, and so does the Wireless Network Connection on the client (a laptop). In the IAS server log files it also seems like authentication is successful, although I can't get an IP address at the client. From the installation instructions for IAS and the CA, there is only one aspect I can't install. The instructions specify to make sure the RAS and IAS Server Authentication CA template is present, and also Wireless Authentication. RAS and IAS Server is installed but the Wireless CA is not. When trying to install the Wireless Authentication CA by going to Certificate Templates and choosing Certificate Template to Issue, Wireless Authentication CA is not present. I'm not sure if this might be where the issue I'm having lies. Here is a sample of a log file that might be helpful. Any help in this matter is greatly appreciated.
EapTlsBegin(WIRELESS\test)
[1084] 21:29:05:770: SetupMachineChangeNotification
[1084] 21:29:05:770: State change to Initial
[1084] 21:29:05:770: EapTlsBegin: Detected PEAP authentication
[1084] 21:29:05:770: MaxTLSMessageLength is now 16384
[1084] 21:29:05:770: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
[1084] 21:29:05:770: CRYPT_E_REVOCATION_OFFLINE will not be ignored
[1084] 21:29:05:770: The root cert will not be checked for revocation
[1084] 21:29:05:770: The cert will be checked for revocation
[1084] 21:29:05:770: EapPeapBegin done
[1084] 21:29:05:770: EapPeapMakeMessage
[1084] 21:29:05:770: EapPeapSMakeMessage
[1084] 21:29:05:770: PEAP:PEAP_STATE_INITIAL
[1084] 21:29:05:770: EapTlsSMakeMessage
[1084] 21:29:05:770: EapTlsReset
[1084] 21:29:05:770: State change to Initial
[1084] 21:29:05:770: GetCredentials
[1084] 21:29:05:770: Flag is Server and Store is local Machine
[1084] 21:29:05:770: GetCachedCredentials Flags = 0x4061
[1084] 21:29:05:770: GetCachedCredentials: Using Cached Credentials
[1084] 21:29:05:770: GetCachedCredentials: Hash of the cert in the cache is
9 6 6 2 5 C F C 8 8 E F 5 2 A B A 0 8 A 5 0 A 9 4 9 9 8 2 5 E D | . b \ . . . R . . . P . I . % . |
C D B 7 0 6 0 B 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 | . . . . . . . . . . . . . . . . |
[1084] 21:29:05:770: BuildPacket
[1084] 21:29:05:770: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
[1084] 21:29:05:770: State change to SentStart
[1084] 21:29:05:770: EapPeapSMakeMessage done
[1084] 21:29:05:770: EapPeapMakeMessage done
[1084] 21:29:05:770: EapPeapEnd12:14 AM 3/7/2005
[1084] 21:29:05:770: EapTlsEnd(wireless\test)
[1084] 21:29:05:770: EapPeapEnd done
[2240] 21:29:05:861: EapPeapMakeMessage
[2240] 21:29:05:861: EapPeapSMakeMessage
[2240] 21:29:05:861: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:05:861: EapTlsSMakeMessage
[2240] 21:29:05:861: MakeReplyMessage
[2240] 21:29:05:861: Reallocating input TLS blob buffer
[2240] 21:29:05:861: SecurityContextFunction
[2240] 21:29:05:871: AcceptSecurityContext returned 0x90312
[2240] 21:29:05:871: State change to SentHello
[2240] 21:29:05:871: BuildPacket
[2240] 21:29:05:871: << Sending Request (Code: 1) packet: Id: 3, Length: 1396, Type: 13, TLS blob length: 4641. Flags: LM
[2240] 21:29:05:871: EapPeapSMakeMessage done
[2240] 21:29:05:871: EapPeapMakeMessage done
[1084] 21:29:05:961: EapPeapMakeMessage
[1084] 21:29:05:961: EapPeapSMakeMessage
[1084] 21:29:05:961: PEAP:PEAP_STATE_TLS_INPROGRESS
[1084] 21:29:05:961: EapTlsSMakeMessage
[1084] 21:29:05:961: BuildPacket
[1084] 21:29:05:961: << Sending Request (Code: 1) packet: Id: 4, Length: 1396, Type: 13, TLS blob length: 0. Flags: M
[1084] 21:29:05:961: EapPeapSMakeMessage done
[1084] 21:29:05:961: EapPeapMakeMessage done
[2240] 21:29:06:071: EapPeapMakeMessage
[2240] 21:29:06:071: EapPeapSMakeMessage
[2240] 21:29:06:071: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:06:071: EapTlsSMakeMessage
[2240] 21:29:06:071: BuildPacket
[2240] 21:29:06:071: << Sending Request (Code: 1) packet: Id: 5, Length: 1396, Type: 13, TLS blob length: 0. Flags: M
[2240] 21:29:06:071: EapPeapSMakeMessage done
[2240] 21:29:06:071: EapPeapMakeMessage done
[1084] 21:29:06:171: EapPeapMakeMessage
[1084] 21:29:06:171: EapPeapSMakeMessage
[1084] 21:29:06:171: PEAP:PEAP_STATE_TLS_INPROGRESS
[1084] 21:29:06:171: EapTlsSMakeMessage
[1084] 21:29:06:171: BuildPacket
[1084] 21:29:06:171: << Sending Request (Code: 1) packet: Id: 6, Length: 481, Type: 13, TLS blob length: 0. Flags:
[1084] 21:29:06:171: EapPeapSMakeMessage done
[1084] 21:29:06:171: EapPeapMakeMessage done
[1084] 21:29:06:271: EapPeapMakeMessage
[1084] 21:29:06:271: EapPeapSMakeMessage
[1084] 21:29:06:271: PEAP:PEAP_STATE_TLS_INPROGRESS
[1084] 21:29:06:271: EapTlsSMakeMessage
[1084] 21:29:06:271: MakeReplyMessage
[1084] 21:29:06:271: Reallocating input TLS blob buffer
[1084] 21:29:06:271: SecurityContextFunction
[1084] 21:29:06:281: AcceptSecurityContext returned 0x0
[1084] 21:29:06:281: AuthenticateUser
[1084] 21:29:06:281: QueryContextAttributes failed and returned 0x8009030e
[1084] 21:29:06:281: Got no credentials from the client and executing PEAP. This is a success for eaptls.
[1084] 21:29:06:281: SetTLSFastReconnect
[1084] 21:29:06:281: IsTLSSessionReconnect
[1084] 21:29:06:281: Fast Reconnects Enabled/Disabled
[1084] 21:29:06:281: CreateMPPEKeyAttributes
[1084] 21:29:06:281: State change to SentFinished
[1084] 21:29:06:281: BuildPacket
[1084] 21:29:06:281: << Sending Request (Code: 1) packet: Id: 7, Length: 53, Type: 13, TLS blob length: 43. Flags: L
[1084] 21:29:06:281: EapPeapSMakeMessage done
[1084] 21:29:06:281: EapPeapMakeMessage done
[2240] 21:29:06:381: EapPeapMakeMessage
[2240] 21:29:06:381: EapPeapSMakeMessage
[2240] 21:29:06:381: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:06:381: EapTlsSMakeMessage
[2240] 21:29:06:381: Negotiation successful
[2240] 21:29:06:381: BuildPacket
[2240] 21:29:06:381: << Sending Success (Code: 3) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
[2240] 21:29:06:381: AuthResultCode = (0), bCode = (3)
[2240] 21:29:06:381: PeapGetTunnelProperties
[2240] 21:29:06:381: Successfully negotiated TLS with following parametersdwProtocol = 0x40, Cipher= 0x6801, CipherStrength=0x80, Hash=0x8003
[2240] 21:29:06:381: PeapGetTunnelProperties done
[2240] 21:29:06:381: GetTLSSessionCookie
[2240] 21:29:06:381: IsTLSSessionReconnect
[2240] 21:29:06:381: Full TLS handshake
[2240] 21:29:06:381: PeapEncryptTunnelData
[2240] 21:29:06:381: PeapEncryptTunnelData completed with status 0x0
[2240] 21:29:06:381: EapPeapSMakeMessage done
[2240] 21:29:06:381: EapPeapMakeMessage done
[2240] 21:29:06:482: EapPeapMakeMessage
[2240] 21:29:06:482: EapPeapSMakeMessage
[2240] 21:29:06:482: PEAP:PEAP_STATE_IDENTITY_REQUEST_SENT
[2240] 21:29:06:482: PeapDecryptTunnelData
[2240] 21:29:06:482: PeapDecryptTunnelData completed with status 0x0
[2240] 21:29:06:482: PeapEncryptTunnelData
[2240] 21:29:06:482: PeapEncryptTunnelData completed with status 0x0
[2240] 21:29:06:482: EapPeapSMakeMessage done
[2240] 21:29:06:482: EapPeapMakeMessage done
[1084] 21:29:06:992: EapPeapMakeMessage
[1084] 21:29:06:992: EapPeapSMakeMessage
[1084] 21:29:06:992: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[1084] 21:29:06:992: PeapDecryptTunnelData
[1084] 21:29:06:992: PeapDecryptTunnelData completed with status 0x0
[1084] 21:29:07:032: PeapEncryptTunnelData
[1084] 21:29:07:032: PeapEncryptTunnelData completed with status 0x0
[1084] 21:29:07:032: EapPeapSMakeMessage done
[1084] 21:29:07:032: EapPeapMakeMessage done
[2240] 21:29:07:132: EapPeapMakeMessage
[2240] 21:29:07:132: EapPeapSMakeMessage
[2240] 21:29:07:132: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[2240] 21:29:07:132: PeapDecryptTunnelData
[2240] 21:29:07:132: PeapDecryptTunnelData completed with status 0x0
[2240] 21:29:07:132: CreatePEAPTLVStatusMessage
[2240] 21:29:07:132: PeapEncryptTunnelData
[2240] 21:29:07:132: PeapEncryptTunnelData completed with status 0x0
[2240] 21:29:07:132: PeapSetTypeUserAttributes
[2240] 21:29:07:132: EapPeapSMakeMessage done
[2240] 21:29:07:132: EapPeapMakeMessage done
[2240] 21:29:07:233: EapPeapMakeMessage
[2240] 21:29:07:233: EapPeapSMakeMessage
[2240] 21:29:07:233: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
[2240] 21:29:07:233: PeapDecryptTunnelData
[2240] 21:29:07:233: PeapDecryptTunnelData completed with status 0x0
[2240] 21:29:07:233: GetPEAPTLVStatusMessageValue
[2240] 21:29:07:233: PeapCreateCookie
[2240] 21:29:07:233: SetTLSSessionCookie
[2240] 21:29:07:233: Session cookie set successfully
[2240] 21:29:07:233: PeapAddContextAttributes
[2240] 21:29:07:233: RasAuthAttributeConcat
[2240] 21:29:07:233: EapPeapSMakeMessage done
[2240] 21:29:07:233: EapPeapMakeMessage do
I'm not familiar with 3Com APs, but check out the IP address lease assignments.
There should be a list of IPs that are granted after 802.1x.
Sorry if I'm not much more help here.
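An added example, not part of the original thread: a short Python summarizer for the EAP trace format posted in the question, which reduces the log to its PEAP state order, the EAP packets the server sent, and any calls that returned an error. The function names are hypothetical and the sample is constructed from lines of the posted trace.

```python
import re

# Constructed sample: lines taken from the trace in the question.
SAMPLE = """\
[1084] 21:29:05:770: PEAP:PEAP_STATE_INITIAL
[1084] 21:29:05:770: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
[2240] 21:29:05:861: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:05:871: << Sending Request (Code: 1) packet: Id: 3, Length: 1396, Type: 13, TLS blob length: 4641. Flags: LM
[1084] 21:29:06:281: QueryContextAttributes failed and returned 0x8009030e
[2240] 21:29:06:381: << Sending Success (Code: 3) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
[2240] 21:29:06:482: PEAP:PEAP_STATE_IDENTITY_REQUEST_SENT
[1084] 21:29:06:992: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[2240] 21:29:07:233: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
[2240] 21:29:07:233: Session cookie set successfully
"""

LINE = re.compile(r"^\[(\d+)\] (\d\d:\d\d:\d\d:\d{3}): (.*)$")
STATE = re.compile(r"^PEAP:(PEAP_STATE_\w+)$")
PACKET = re.compile(r"^<< Sending (\w+) \(Code: (\d+)\) packet: Id: (\d+), Length: (\d+)")
FAILED = re.compile(r"failed and returned (0x[0-9a-fA-F]+)")

def summarize(trace):
    """Reduce a trace to PEAP state order, EAP packets sent, and failed calls."""
    states, packets, failures = [], [], []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # hex dump rows carry no [thread] timestamp prefix
        msg = m.group(3)
        if (s := STATE.match(msg)):
            if not states or states[-1] != s.group(1):
                states.append(s.group(1))  # collapse consecutive repeats
        elif (p := PACKET.match(msg)):
            # (kind, EAP code, EAP identifier, length)
            packets.append((p.group(1), int(p.group(2)), int(p.group(3)), int(p.group(4))))
        elif (f := FAILED.search(msg)):
            failures.append(f.group(1))
    return {"states": states, "packets": packets, "failures": failures}

def inner_method_completed(summary):
    """True when the last PEAP state is PEAP_STATE_PEAP_SUCCESS_SEND.
    In the posted trace the 'Sending Success' line is logged before the
    identity request, so the final state is the stronger signal."""
    return bool(summary["states"]) and summary["states"][-1] == "PEAP_STATE_PEAP_SUCCESS_SEND"
```

When `inner_method_completed` is true and the client still has no address, the trace itself shows no 802.1X failure, which matches the suggestion above to look at the IP lease assignments.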