Authenticate via RADIUS and AD for wireless client

Hi,
AP - Cisco 1240AG
Radius - IAS
Certificate service installed.
WPA2 enterprise on AP and TKIP

At the moment, after installing the certificate and setting up the client end, whenever I try to connect, it requires a login account. I have tried several accounts but still can't get in. The client account is in the IAS policy group and has access in the user properties. The error I am getting from the AP is "Station xxxx.xxxx.xxxx Authentication failed".

I re-entered the shared key between the AP and IAS but it is still the same.
What I really want is to allow the client to use the wireless with easy setup, WITHOUT certificate installation preferably, just via IAS and AD.

Can someone point out what I missed or provide me the steps to make this work?
Thanks in advance.
supra87 Asked:
 
araberuni Commented:
Hi,
There are a few options for what you want to achieve. Read these articles and verify your settings.

Option1:
http://araihan.wordpress.com/2009/08/17/microsoft-radius-server-ias-apple-imacmacbook-pro-osx-10-5-and-xp-pro-step-by-step/
Option2:
http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/
Option3:
http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/

Without certificate it will work unfortunately. The unsecure way of delivering wireless is only WPA2 and PSK, which I don't recommend.

Regards,
Raihan
0
 
nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
Can you post your config?

Do you have any authentication errors in your IAS event viewer logs?
0
 
supra87 (Author) Commented:

See below. This is what I get from the system event log when I try to connect to the wireless WITHOUT using the certificate.

Settings on the client end:
Security type: WPA2-enterprise
Encryption type: TKIP
Authentication method:  PEAP
In the EAP properties, the Auth Method is EAP-MSCHAP v2


IN THE EVENT LOG:

User students\student was granted access.
 Fully-Qualified-User-Name = <undetermined>
 NAS-IP-Address = 192.168.10.10
 NAS-Identifier = ap
 Client-Friendly-Name = Resource Centre
 Client-IP-Address = 192.168.10.10
 Calling-Station-Identifier = b482.fe6f.65e1
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 38087
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = <none>
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = <undetermined>
 EAP-Type = <undetermined>

For more information, see Help and Support Center at
0
 
supra87 (Author) Commented:
Forgot to mention, the authentication window keeps popping up to enter the username and password.
On the AP log, it also logged an "Authentication failed" message.
0
 
supra87 (Author) Commented:
Further info:
After I changed the shared secret key on both the AP and IAS to a longer one with a mixture of letters, numbers and symbols, I got a different error from the system event log:

"An Access-Request message was received from RADIUS client Resource Centre with a message authenticator attribute that is not valid."

Note: ticking or unticking the checkbox in the IAS client setting "Request must contain ...." does not make any difference. Same error as above.
0
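
The "message authenticator attribute that is not valid" event quoted above refers to RADIUS attribute 80, an HMAC-MD5 over the whole Access-Request keyed with the shared secret (RFC 2869/3579). The sketch below is an added example, not code from the thread, IAS or the AP; the secrets are constructed values and the function names are hypothetical. It shows the check from both sides and why any difference between the two copies of the secret fails it.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 1, 32, 80  # RFC 2865/2869 types

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, identifier, user_name, nas_identifier):
    """NAS side (the AP): sign the request with its copy of the shared secret."""
    attrs = (attr(USER_NAME, user_name) + attr(NAS_IDENTIFIER, nas_identifier)
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zero-filled while signing
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = bytearray(header + os.urandom(16) + attrs)  # 16-byte Request Authenticator
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def verify_message_authenticator(secret, packet):
    """Server side: recompute the HMAC with the server's copy of the secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            return False  # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                return False
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += a_len
    return False  # attribute absent

if __name__ == "__main__":
    ap_secret = b"Xk9#constructed-Secret!"       # constructed: typed on the AP
    request = build_access_request(ap_secret, 7, b"students\\student", b"ap")
    for server_secret in (ap_secret, ap_secret + b" ", ap_secret.lower()):
        ok = verify_message_authenticator(server_secret, request)
        print(repr(server_secret), "->", "valid" if ok else "not valid")
```

A trailing space or a case difference in one copy of the secret is enough to make the attribute invalid, so a change on one side has to be matched byte for byte on the other.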
 
supra87 (Author) Commented:
The wireless is working now but I still don't know how. The things I changed in the setup were several different SSIDs and shared secret keys. There must be some sort of restriction on how the SSID or shared key is set. I tested with different shared keys or SSIDs and sometimes got different error messages in the event log.
I always update the shared key on both ends, IAS and AP. Now I don't use a cert, I use WPA2 with AD authentication only. Is this secure enough? Thanks.
0
Question has a verified solution.
