Black_Ed
asked on
Need Help with WPA2 Enterprise and IAS
I've got a Windows CE 5.0 device using a Summit Wi-Fi card. The CE device has the 2.0.17 drivers from Summit (Latest release).
I am using a Linksys Wireless-N Broadband Router as my access point. The security mode is WPA2 Enterprise. The encryption method is AES. The IP address of the RADIUS server is correct (and the AP can ping it), and the shared secret is 4 letters long. (This is a test to find out how to set up WPA2 Enterprise.)
There is a Windows 2003 Server on the LAN. I installed IAS to act as the RADIUS server. I've configured a RADIUS client as the AP. My remote access policies will grant permission to any user or computer in Domain Users or Domain Computers. The server is registered in Active Directory. There is a certificate on the IAS server.
I can see the connection attempts in the IAS logs. I have no idea what these log entries mean. Here are two lines from today:
172.16.4.76,MOBI\fnels,10/06/2008,11:13:22,IAS,ZEVON,4,172.16.4.76,30,001ee546c029,31,00172301f9c9,32,001ee546c029,5,49,12,1400,61,19,4108,172.16.4.76,4116,0,4128,TESTWPA2,4155,1,4154,Use Windows authentication for all users,25,311 1 172.16.1.99 10/06/2008 15:12:57 1,4129,MOBI\fnels,4127,5,4149,FredsTest,4130,mobi.local/Engineering/Software Development/Fred Nels,4136,1,4142,0
172.16.4.76,MOBI\fnels,10/06/2008,11:13:22,IAS,ZEVON,25,311 1 172.16.1.99 10/06/2008 15:12:57 1,4130,mobi.local/Engineering/Software Development/Fred Nels,4149,FredsTest,4127,5,4129,MOBI\fnels,4154,Use Windows authentication for all users,4155,1,4108,172.16.4.76,4116,0,4128,TESTWPA2,4136,3,4142,65
On the CE device, I see that the Summit card Associates for a while. The status then goes to "Not Associated", and at the same time, the dialog box to collect the user id and password pops up.
I must be close to getting this working. I am not seeing messages indicating that the user was rejected in the IAS logs.
I am guessing that the user ID and password that I supply in the dialog box on the CE device ultimately gets authenticated by Active Directory. The CE device will be part of the Mobi domain once the authentication/authorization succeeds.
Any help would be appreciated.
Thanks!
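Added example, not part of the original thread: a small Python parser for IAS-format log records, run over the two lines quoted in the question (extraction spaces removed). The attribute names, packet types and the meaning of reason code 65 are not stated in the thread; they follow Microsoft's IAS-format log documentation as an assumption of this example, and only the IDs present in these two records are mapped.

```python
import csv

# Every IAS-format record starts with these six positional fields.
HEADER = ["NAS-IP-Address", "User-Name", "Record-Date", "Record-Time",
          "Service-Name", "Computer-Name"]
# Attribute IDs seen in the two records (standard RADIUS + IAS-specific 41xx).
ATTRS = {4: "NAS-IP-Address", 5: "NAS-Port", 12: "Framed-MTU", 25: "Class",
         30: "Called-Station-Id", 31: "Calling-Station-Id",
         32: "NAS-Identifier", 61: "NAS-Port-Type",
         4108: "Client-IP-Address", 4116: "Client-Vendor",
         4127: "Authentication-Type", 4128: "Client-Friendly-Name",
         4129: "SAM-Account-Name", 4130: "Fully-Qualified-User-Name",
         4136: "Packet-Type", 4142: "Reason-Code", 4149: "Policy-Name",
         4154: "Proxy-Policy-Name", 4155: "Provider-Type"}
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "11": "Access-Challenge"}
# Reason texts are paraphrased, not Microsoft's exact wording.
REASONS = {"0": "success",
           "65": "dial-in (remote access) permission denied for the user"}

# The two records from the question, as raw strings (note the backslash).
LINES = [
    r"172.16.4.76,MOBI\fnels,10/06/2008,11:13:22,IAS,ZEVON,4,172.16.4.76,30,001ee546c029,31,00172301f9c9,32,001ee546c029,5,49,12,1400,61,19,4108,172.16.4.76,4116,0,4128,TESTWPA2,4155,1,4154,Use Windows authentication for all users,25,311 1 172.16.1.99 10/06/2008 15:12:57 1,4129,MOBI\fnels,4127,5,4149,FredsTest,4130,mobi.local/Engineering/Software Development/Fred Nels,4136,1,4142,0",
    r"172.16.4.76,MOBI\fnels,10/06/2008,11:13:22,IAS,ZEVON,25,311 1 172.16.1.99 10/06/2008 15:12:57 1,4130,mobi.local/Engineering/Software Development/Fred Nels,4149,FredsTest,4127,5,4129,MOBI\fnels,4154,Use Windows authentication for all users,4155,1,4108,172.16.4.76,4116,0,4128,TESTWPA2,4136,3,4142,65",
]

def parse_ias(line):
    """Split one record into header fields plus named id,value pairs."""
    fields = next(csv.reader([line]))  # csv handles quoted values with commas
    pairs = fields[len(HEADER):]
    if len(fields) < len(HEADER) or len(pairs) % 2:
        raise ValueError("not a well-formed IAS-format record")
    rec = dict(zip(HEADER, fields))
    for attr_id, value in zip(pairs[0::2], pairs[1::2]):
        rec[ATTRS.get(int(attr_id), "attr-" + attr_id)] = value
    return rec

def verdict(rec):
    """Return (packet type, reason text) for a parsed record."""
    ptype = PACKET_TYPES.get(rec.get("Packet-Type"), "unknown")
    code = rec.get("Reason-Code", "")
    return ptype, REASONS.get(code, "reason code " + code)

if __name__ == "__main__":
    for line in LINES:
        rec = parse_ias(line)
        print(rec["Record-Time"], rec["User-Name"], *verdict(rec))
```

The last two pairs of each record (4136 and 4142) are the ones to read first: they give the packet type and the reason code for that request or response.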
ASKER
How can I find out what IAS sends back? I thought it might be hidden in the log entries. The logging on the AP is almost nonexistent.
I'll look at the link and see if that provides the answer.
Thanks for the suggestion!
ASKER
I have it working!
I checked the Event Viewer on the server that is running IAS. It was showing that the user was being denied access by Active Directory. I called the Network Admin, and he had to change the user configuration to allow remote authentication (or dial-in authentication, I am not sure).
The Event Viewer now shows that the user is being granted access. My CE device is showing that the wireless connection is made, and I can ping addresses off the box.
I will post a screen shot of the attribute that needed to be set later on. (I am waiting for the Network Admin to send it.)
ASKER
I've added the screen shot of what the Network Admin had to change in Active Directory.
The User's properties in the "Dial-in" tab had to be changed. The "Remote Access Permission (Dial-in or VPN)" option had to be changed to "Allow access". The screen shot has the option circled in red.
Ed
WPA2-Enterprise.JPG
ASKER
Thanks for your help on this!
Example
http://www.hansenonline.net/Networking/wlanradius.html
The issue is what does IAS send back when the credentials are validated?