Radius Server authenticates only some times

I set up a radius server on Windows 2003 server.  I am using 2 Cisco 4400 WLCs and lightweight Cisco 1242 APs.  I set up the Remote Access Policy to use computer authentication.  I can get it to work on a computer.  But on that computer that it is working on, it will only work for some users.  When it works, it authenticates by computer like it is supposed to.  But when it doesn't, it tries to authenticate by user, and then the error log says "The connection attempt did not match any remote access policy."  But if I log back in as the original user, it will authenticate correctly again.  The attached code shows the same computer trying to authenticate, but it does not work the same.  Any help would be greatly appreciated.  
----------Does't Work--------------

Event Type:	Warning
Event Source:	IAS
Event Category:	None
Event ID:	2
Date:		4/28/2010
Time:		7:07:16 AM
User:		N/A
Computer:	REDWAPP002
Description:
User NPPI-NET\RedwingIT was denied access.
 Fully-Qualified-User-Name = NPPI-NET\RedwingIT
 NAS-IP-Address = 10.1.200.100
 NAS-Identifier = REDWCTRL001
 Called-Station-Identifier = 00-21-D8-BF-EA-B0:Phil
 Calling-Station-Identifier = 00-15-E9-B7-F3-C4
 Client-Friendly-Name = REDWCTRL001
 Client-IP-Address = 10.1.200.100
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 29
 Proxy-Policy-Name = AD Authentication
 Authentication-Provider = Windows 
 Authentication-Server = <undetermined> 
 Policy-Name = <undetermined> 
 Authentication-Type = EAP
 EAP-Type = <undetermined> 
 Reason-Code = 48
 Reason = The connection attempt did not match any remote access policy. 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    


-------------Works fine--------------


Event Type:	Information
Event Source:	IAS
Event Category:	None
Event ID:	1
Date:		4/28/2010
Time:		7:02:38 AM
User:		N/A
Computer:	REDWAPP002
Description:
User host/RW500317.norwoodaustin.com was granted access.
 Fully-Qualified-User-Name = norwoodaustin.com/Red Wing/Red Wing Computers/RW500317
 NAS-IP-Address = 10.1.200.100
 NAS-Identifier = REDWCTRL001
 Client-Friendly-Name = REDWCTRL001
 Client-IP-Address = 10.1.200.100
 Calling-Station-Identifier = 00-15-E9-B7-F3-C4
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 29
 Proxy-Policy-Name = AD Authentication
 Authentication-Provider = Windows 
 Authentication-Server = <undetermined> 
 Policy-Name = Wireless Access Policy
 Authentication-Type = PEAP
 EAP-Type = Secured password (EAP-MSCHAP v2)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00

Open in new window

norwoodhelpdeskAsked:
Who is Participating?
 
Jakob DigranesSenior ConsultantCommented:
The thing with computer authentication with RADIUS is that it will authenticate computer before user authentication.  - or do you have only comnputer authentication?
You say that this is the same computer - but with different users?

Do the computer connect to the same AP?
ARe the different users in same or different OUs?
Do you see any other errors in the event viewer log?
Do the computer successfully connect before user logs on, and the fails when user have logged on? (User re-authentication)
do the users have different permissions to the computer?
how do you configure the wirelesss settings? During GPOs?
are you sure the wireless has enough time to connect before user connects?
Do you have user re-authentication on the wireless?

a lot of questions - look into these please, and let us know.

0
 
HodepineCommented:
Looks like your users are in two different domains. The one that fails has NPPI-NET, while the other is norwoodaustin.com.

Are you trying to authenticate for a domain different than your AD?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.