Solved

RODC with EAP and Radius

Posted on 2011-09-22
Last Modified: 2012-05-12
I have a domain, let’s call it Domain.local.  On this domain I have a domain controller called DC-Prime, and a read-only domain controller called RODC-Zeta.

I have 2 Cisco wireless APs, using RADIUS to authenticate users to the domain.  When they are pointed to Prime, they authenticate, and everything is sunshine and unicorns.  When I point them to Zeta, the server reports the following from Event Viewer:

Negotiation failed. Requested EAP methods not available

I have exported the EAP settings from Prime and imported them to Zeta, but I still get the same results.  I think it has to do with Zeta being a Read Only DC, but Google and various searches have come up empty.
Question by:UnityPG

Expert Comment

by:khairil
ID: 36582310
Hi,

RODCs have special handling for user accounts and passwords; you can get more of an idea here: http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx

You might want to change the Password Replication Policy of the RODC and try authenticating the user again. More on password replication policy: http://technet.microsoft.com/en-us/library/cc730883(WS.10).aspx

BTW, what RADIUS are you using? If you are using NPS for RADIUS authentication then it will be no problem.

Accepted Solution

by:UnityPG
ID: 36586790
The issue was that the RODC server had no certificate for authentication.   Installing a CA on Prime and exporting the cert to Zeta fixed it.

Thanks,

Author Closing Comment

by:UnityPG
ID: 36715231
Fixed it, sorry guys.
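
A way to check for the condition named in the accepted solution (no certificate for authentication on the RADIUS server), as an added example that is not part of the original thread. It assumes the RADIUS server is NPS using a certificate-based EAP method (PEAP or EAP-TLS), which reads its server certificate from the computer's Personal store; the variable names are illustrative.

```powershell
# Added example: run locally on the RADIUS server (RODC-Zeta in the thread).
# Reports which certificates in the computer's Personal store could serve
# as an EAP server certificate.

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # The certificate must carry the Server Authentication purpose.
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
    }

    # The chain must end in a root this machine trusts. Revocation checking
    # is switched off here so the check also works without CRL access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    $inDate = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $hasServerAuth
        InValidity    = $inDate
        ChainTrusted  = $trusted
        Usable        = $cert.HasPrivateKey -and $hasServerAuth -and $inDate -and $trusted
    }
}

$report | Format-Table -AutoSize

if (@($report | Where-Object { $_.Usable }).Count -eq 0) {
    Write-Warning 'No usable server certificate in Cert:\LocalMachine\My for certificate-based EAP.'
}
```

A certificate copied from another server only counts here if its private key came with it, so the HasPrivateKey column is the first thing to look at after an export and import.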