?
Solved

RODC with EAP and Radius

Posted on 2011-09-22
3
Medium Priority
?
2,128 Views
Last Modified: 2012-05-12
I have a domain, let’s call it Domain.local.  On this domain I have a domain controller called DC-Prime, and a read-only domain controller called RODC-Zeta.

I have 2 cisco wireless APs, using RADIUS to authenticate users to the domain.  When they are pointed to Prime, they authenticate, and everything is sunshine and unicorns.  When I point them to Zeta, the server reports the following from Event Viewer:

Negotiation failed. Requested EAP methods not available

I have exported the EAP settings from Prime and imported them to Zeta, but I still get the same results.  I think it has to do with Zeta being a Read Only DC, but google and various searches have come up empty.
0
Comment
Question by:UnityPG
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 13

Expert Comment

by:khairil
ID: 36582310
Hi,

RODC have special handling with user account and password, you can get more idea here, http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx

You might want to change the Password Replication Policy of RODC and give another try to authenticate user. More on password replication policy, http://technet.microsoft.com/en-us/library/cc730883(WS.10).aspx

BTW, what radius are you using? If you are using NPS for radius authentication then it will be no problem.
0
 

Accepted Solution

by:
UnityPG earned 0 total points
ID: 36586790
The issue was that the RODC server had no certificate for authentication.   Installing a CA on Prime and exporting the cert to Zeta fixed it.

Thanks,
0
 

Author Closing Comment

by:UnityPG
ID: 36715231
Fixed it, sorry guys.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question