Need Help with WPA2 Enterprise and IAS
Posted on 2008-10-06
I've got a Windows CE 5.0 device using a Summit Wi-Fi card. The CE device has the 2.0.17 drivers from Summit (Latest release).
I am using a Linksys Wireless-N Broadband Router as my access point. The security mode is WPA2 Enterprise. The encryption method is AES. The IP address of the RADIUS server is correct (and the AP can ping it), and the shared secret is 4 letters long. (This is a test to find out how to set up WPA2 Enterprise.)
There is a Windows 2003 Server on the LAN. I installed IAS to act as the RADIUS server. I've configured a RADIUS client as the AP. My remote access policies will grant permission to any user or computer in Domain Users or Domain Computers. The server is registered in Active Directory. There is a certificate on the IAS server.
I can see the connection attempts in the IAS logs. I have no idea what these log entries mean. Here are two lines from today:
172.16.4.76,MOBI\fnels,10/06/2008,11:13:22,IAS,ZEVON,4,172.16.4.76,30,001ee546c029,31,00172301f9c9,32,001ee546c029,5,49,12,1400,61,19,4108,172.16.4.76,4116,0,4128,TESTWPA2,4155,1,4154,Use Windows authentication for all users,25,311 1 172.16.1.99 10/06/2008 15:12:57 1,4129,MOBI\fnels,4127,5,4149,FredsTest,4130,mobi.local/Engineering/Software Development/Fred Nels,4136,1,4142,0
172.16.4.76,MOBI\fnels,10/06/2008,11:13:22,IAS,ZEVON,25,311 1 172.16.1.99 10/06/2008 15:12:57 1,4130,mobi.local/Engineering/Software Development/Fred Nels,4149,FredsTest,4127,5,4129,MOBI\fnels,4154,Use Windows authentication for all users,4155,1,4108,172.16.4.76,4116,0,4128,TESTWPA2,4136,3,4142,65
On the CE device, I see that the Summit card Associates for a while. The status then goes to "Not Associated", and at the same time, the dialog box to collect the user id and password pops up.
I must be close to getting this working. I am not seeing messages indicating that the user was rejected in the IAS logs.
I am guessing that the user ID and password that I supply in the dialog box on the CE device ultimately gets authenticated by Active Directory. The CE device will be part of the Mobi domain once the authentication/authorization succeeds.
Any help would be appreciated.