4isteam

asked on

Wireless with Radius Authentication

I have a 3Com access point set up with RADIUS 802.1x authentication. The access point log files show authentication as successful, and so does the client's (laptop) Wireless Network Connection. In the IAS server log files it also seems like authentication is successful, although I can't get an IP address at the client. From the installation instructions for IAS and the CA, there is only one aspect I can't install. The instructions specify to make sure the RAS and IAS Server Authentication CA template is present, and also Wireless Authentication. RAS and IAS Server is installed but the Wireless CA is not. When trying to install the Wireless Authentication CA by going to Certificate Templates and choosing Certificate Template to Issue, Wireless Authentication CA is not present. I'm not sure if this might be where the issue I'm having lies. Here is a sample of a log file that might be helpful. Any help in this matter is greatly appreciated.

 EapTlsBegin(WIRELESS\test)
[1084] 21:29:05:770: SetupMachineChangeNotification
[1084] 21:29:05:770: State change to Initial
[1084] 21:29:05:770: EapTlsBegin: Detected PEAP authentication
[1084] 21:29:05:770: MaxTLSMessageLength is now 16384
[1084] 21:29:05:770: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
[1084] 21:29:05:770: CRYPT_E_REVOCATION_OFFLINE will not be ignored
[1084] 21:29:05:770: The root cert will not be checked for revocation
[1084] 21:29:05:770: The cert will be checked for revocation
[1084] 21:29:05:770: EapPeapBegin done
[1084] 21:29:05:770: EapPeapMakeMessage
[1084] 21:29:05:770: EapPeapSMakeMessage
[1084] 21:29:05:770: PEAP:PEAP_STATE_INITIAL
[1084] 21:29:05:770: EapTlsSMakeMessage
[1084] 21:29:05:770: EapTlsReset
[1084] 21:29:05:770: State change to Initial
[1084] 21:29:05:770: GetCredentials
[1084] 21:29:05:770: Flag is Server and Store is local Machine
[1084] 21:29:05:770: GetCachedCredentials Flags = 0x4061
[1084] 21:29:05:770: GetCachedCredentials: Using Cached Credentials
[1084] 21:29:05:770: GetCachedCredentials: Hash of the cert in the cache is
96 62 5C FC 88 EF 52 AB A0 8A 50 A9 49 98 25 ED |.b\...R...P.I.%.|
CD B7 06 0B 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[1084] 21:29:05:770: BuildPacket
[1084] 21:29:05:770: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
[1084] 21:29:05:770: State change to SentStart
[1084] 21:29:05:770: EapPeapSMakeMessage done
[1084] 21:29:05:770: EapPeapMakeMessage done
[1084] 21:29:05:770: EapPeapEnd12:14 AM 3/7/2005
[1084] 21:29:05:770: EapTlsEnd(wireless\test)
[1084] 21:29:05:770: EapPeapEnd done
[2240] 21:29:05:861: EapPeapMakeMessage
[2240] 21:29:05:861: EapPeapSMakeMessage
[2240] 21:29:05:861: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:05:861: EapTlsSMakeMessage
[2240] 21:29:05:861: MakeReplyMessage
[2240] 21:29:05:861: Reallocating input TLS blob buffer
[2240] 21:29:05:861: SecurityContextFunction
[2240] 21:29:05:871: AcceptSecurityContext returned 0x90312
[2240] 21:29:05:871: State change to SentHello
[2240] 21:29:05:871: BuildPacket
[2240] 21:29:05:871: << Sending Request (Code: 1) packet: Id: 3, Length: 1396, Type: 13, TLS blob length: 4641. Flags: LM
[2240] 21:29:05:871: EapPeapSMakeMessage done
[2240] 21:29:05:871: EapPeapMakeMessage done
[1084] 21:29:05:961: EapPeapMakeMessage
[1084] 21:29:05:961: EapPeapSMakeMessage
[1084] 21:29:05:961: PEAP:PEAP_STATE_TLS_INPROGRESS
[1084] 21:29:05:961: EapTlsSMakeMessage
[1084] 21:29:05:961: BuildPacket
[1084] 21:29:05:961: << Sending Request (Code: 1) packet: Id: 4, Length: 1396, Type: 13, TLS blob length: 0. Flags: M
[1084] 21:29:05:961: EapPeapSMakeMessage done
[1084] 21:29:05:961: EapPeapMakeMessage done
[2240] 21:29:06:071: EapPeapMakeMessage
[2240] 21:29:06:071: EapPeapSMakeMessage
[2240] 21:29:06:071: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:06:071: EapTlsSMakeMessage
[2240] 21:29:06:071: BuildPacket
[2240] 21:29:06:071: << Sending Request (Code: 1) packet: Id: 5, Length: 1396, Type: 13, TLS blob length: 0. Flags: M
[2240] 21:29:06:071: EapPeapSMakeMessage done
[2240] 21:29:06:071: EapPeapMakeMessage done
[1084] 21:29:06:171: EapPeapMakeMessage
[1084] 21:29:06:171: EapPeapSMakeMessage
[1084] 21:29:06:171: PEAP:PEAP_STATE_TLS_INPROGRESS
[1084] 21:29:06:171: EapTlsSMakeMessage
[1084] 21:29:06:171: BuildPacket
[1084] 21:29:06:171: << Sending Request (Code: 1) packet: Id: 6, Length: 481, Type: 13, TLS blob length: 0. Flags:
[1084] 21:29:06:171: EapPeapSMakeMessage done
[1084] 21:29:06:171: EapPeapMakeMessage done
[1084] 21:29:06:271: EapPeapMakeMessage
[1084] 21:29:06:271: EapPeapSMakeMessage
[1084] 21:29:06:271: PEAP:PEAP_STATE_TLS_INPROGRESS
[1084] 21:29:06:271: EapTlsSMakeMessage
[1084] 21:29:06:271: MakeReplyMessage
[1084] 21:29:06:271: Reallocating input TLS blob buffer
[1084] 21:29:06:271: SecurityContextFunction
[1084] 21:29:06:281: AcceptSecurityContext returned 0x0
[1084] 21:29:06:281: AuthenticateUser
[1084] 21:29:06:281: QueryContextAttributes failed and returned 0x8009030e
[1084] 21:29:06:281: Got no credentials from the client and executing PEAP.  This is a success for eaptls.
[1084] 21:29:06:281: SetTLSFastReconnect
[1084] 21:29:06:281: IsTLSSessionReconnect
[1084] 21:29:06:281: Fast Reconnects Enabled/Disabled
[1084] 21:29:06:281: CreateMPPEKeyAttributes
[1084] 21:29:06:281: State change to SentFinished
[1084] 21:29:06:281: BuildPacket
[1084] 21:29:06:281: << Sending Request (Code: 1) packet: Id: 7, Length: 53, Type: 13, TLS blob length: 43. Flags: L
[1084] 21:29:06:281: EapPeapSMakeMessage done
[1084] 21:29:06:281: EapPeapMakeMessage done
[2240] 21:29:06:381: EapPeapMakeMessage
[2240] 21:29:06:381: EapPeapSMakeMessage
[2240] 21:29:06:381: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:06:381: EapTlsSMakeMessage
[2240] 21:29:06:381: Negotiation successful
[2240] 21:29:06:381: BuildPacket
[2240] 21:29:06:381: << Sending Success (Code: 3) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
[2240] 21:29:06:381: AuthResultCode = (0), bCode = (3)
[2240] 21:29:06:381: PeapGetTunnelProperties
[2240] 21:29:06:381: Successfully negotiated TLS with following parametersdwProtocol = 0x40, Cipher= 0x6801, CipherStrength=0x80, Hash=0x8003
[2240] 21:29:06:381: PeapGetTunnelProperties done
[2240] 21:29:06:381: GetTLSSessionCookie
[2240] 21:29:06:381: IsTLSSessionReconnect
[2240] 21:29:06:381: Full TLS handshake
[2240] 21:29:06:381: PeapEncryptTunnelData
[2240] 21:29:06:381: PeapEncryptTunnelData completed with status 0x0
[2240] 21:29:06:381: EapPeapSMakeMessage done
[2240] 21:29:06:381: EapPeapMakeMessage done
[2240] 21:29:06:482: EapPeapMakeMessage
[2240] 21:29:06:482: EapPeapSMakeMessage
[2240] 21:29:06:482: PEAP:PEAP_STATE_IDENTITY_REQUEST_SENT
[2240] 21:29:06:482: PeapDecryptTunnelData
[2240] 21:29:06:482: PeapDecryptTunnelData completed with status 0x0
[2240] 21:29:06:482: PeapEncryptTunnelData
[2240] 21:29:06:482: PeapEncryptTunnelData completed with status 0x0
[2240] 21:29:06:482: EapPeapSMakeMessage done
[2240] 21:29:06:482: EapPeapMakeMessage done
[1084] 21:29:06:992: EapPeapMakeMessage
[1084] 21:29:06:992: EapPeapSMakeMessage
[1084] 21:29:06:992: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[1084] 21:29:06:992: PeapDecryptTunnelData
[1084] 21:29:06:992: PeapDecryptTunnelData completed with status 0x0
[1084] 21:29:07:032: PeapEncryptTunnelData
[1084] 21:29:07:032: PeapEncryptTunnelData completed with status 0x0
[1084] 21:29:07:032: EapPeapSMakeMessage done
[1084] 21:29:07:032: EapPeapMakeMessage done
[2240] 21:29:07:132: EapPeapMakeMessage
[2240] 21:29:07:132: EapPeapSMakeMessage
[2240] 21:29:07:132: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[2240] 21:29:07:132: PeapDecryptTunnelData
[2240] 21:29:07:132: PeapDecryptTunnelData completed with status 0x0
[2240] 21:29:07:132: CreatePEAPTLVStatusMessage
[2240] 21:29:07:132: PeapEncryptTunnelData
[2240] 21:29:07:132: PeapEncryptTunnelData completed with status 0x0
[2240] 21:29:07:132: PeapSetTypeUserAttributes
[2240] 21:29:07:132: EapPeapSMakeMessage done
[2240] 21:29:07:132: EapPeapMakeMessage done
[2240] 21:29:07:233: EapPeapMakeMessage
[2240] 21:29:07:233: EapPeapSMakeMessage
[2240] 21:29:07:233: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
[2240] 21:29:07:233: PeapDecryptTunnelData
[2240] 21:29:07:233: PeapDecryptTunnelData completed with status 0x0
[2240] 21:29:07:233: GetPEAPTLVStatusMessageValue
[2240] 21:29:07:233: PeapCreateCookie
[2240] 21:29:07:233: SetTLSSessionCookie
[2240] 21:29:07:233: Session cookie set successfully

[2240] 21:29:07:233: PeapAddContextAttributes
[2240] 21:29:07:233: RasAuthAttributeConcat
[2240] 21:29:07:233: EapPeapSMakeMessage done
[2240] 21:29:07:233: EapPeapMakeMessage do
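
A trace like the one in the question can be reduced to its PEAP state sequence, the EAP packets the server sent, and the SSPI status codes, which shows how far the 802.1X exchange got on the server side. This is an added example, not part of the original thread: the function name `summarize` and the `SAMPLE` excerpt (lines abridged from the trace above) are the example's own, and the SSPI names are the standard Windows SDK names for those values.

```python
import re

# Trace line shape: "[thread-id] HH:MM:SS:mmm: message"
LINE = re.compile(r"^\[\d+\] \d\d:\d\d:\d\d:\d+: (.*)$")
SENT = re.compile(r"<< Sending (\w+) \(Code: (\d+)\) packet: Id: (\d+), "
                  r"Length: (\d+), Type: (\d+), TLS blob length: (\d+)\. Flags: ?(\w*)")
# SSPI status values seen in the trace (names from the Windows SDK).
SSPI = {0x0: "SEC_E_OK", 0x90312: "SEC_I_CONTINUE_NEEDED",
        0x8009030E: "SEC_E_NO_CREDENTIALS"}

# Excerpt abridged from the trace in the question, used as sample input.
SAMPLE = """\
[1084] 21:29:05:770: PEAP:PEAP_STATE_INITIAL
[1084] 21:29:05:770: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
[2240] 21:29:05:861: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:05:871: AcceptSecurityContext returned 0x90312
[2240] 21:29:05:871: << Sending Request (Code: 1) packet: Id: 3, Length: 1396, Type: 13, TLS blob length: 4641. Flags: LM
[1084] 21:29:06:281: AcceptSecurityContext returned 0x0
[1084] 21:29:06:281: QueryContextAttributes failed and returned 0x8009030e
[2240] 21:29:06:381: PEAP:PEAP_STATE_TLS_INPROGRESS
[2240] 21:29:06:381: << Sending Success (Code: 3) packet: Id: 7, Length: 4, Type: 0, TLS blob length: 0. Flags:
[2240] 21:29:06:482: PEAP:PEAP_STATE_IDENTITY_REQUEST_SENT
[1084] 21:29:06:992: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[2240] 21:29:07:233: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
"""

def summarize(trace):
    """Reduce an IAS PEAP trace to states, sent EAP packets and SSPI results."""
    out = {"states": [], "packets": [], "sspi": [], "eap_success": False}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # hex dumps, blank lines, truncated lines
        msg = m.group(1)
        if msg.startswith("PEAP:PEAP_STATE_"):
            state = msg[len("PEAP:PEAP_STATE_"):]
            if not out["states"] or out["states"][-1] != state:
                out["states"].append(state)  # collapse consecutive repeats
        elif (p := SENT.search(msg)):
            kind, code, pid, length, _etype, _blob, flags = p.groups()
            out["packets"].append((int(pid), kind, int(length), flags))
            out["eap_success"] |= (code == "3")  # EAP code 3 = Success
        elif (r := re.search(r"returned (0x[0-9a-fA-F]+)", msg)):
            v = int(r.group(1), 16)
            out["sspi"].append(SSPI.get(v, hex(v)))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the excerpt, the state list ends in `PEAP_SUCCESS_SEND` and an EAP Success packet appears among the sent packets, so the server-side trace records a completed PEAP exchange.
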
ASKER CERTIFIED SOLUTION
Phil_Agcaoili

4isteam

ASKER

Thanks for your response. I am able to get authenticated to the access point and server. The log status at the access point says successful and Event Viewer also says successful using 802.1x, so it seems authentication is happening. I just can't get an IP from the same computer I'm trying to log in from. This is the same computer that is getting authenticated. If it gets authenticated, how come I don't get an IP address?

I'm not familiar with 3Com APs, but check out the IP address lease assignments.

There should be a list of IPs that are granted after 802.1x.

Sorry if I'm not much more help here.