Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6365
  • Last Modified:

NPS An Access-Request message was received from RADIUS client with a message authenticator attribute that is not valid.

Hi all,

Im trying to authenticate wireless clients using EAP-TLS, ive got the access-point to send the authentication message to the RADIUS server and have captured the packets (see pic) but the radius server is throwing an error

"An Access-Request message was received from RADIUS client x.x.x.x with a message authenticator attribute that is not valid."

Ive attached screens of my polices and my wireless profile, pretty much everything i can think of, hopefully someone can point me in the right direction.

Thanks
profile.PNG
settings.PNG
settings.PNG
wire.PNG
client.PNG
Connection-Reqs.PNG
Network-Pol.PNG
0
awilderbeast
Asked:
awilderbeast
  • 3
  • 3
1 Solution
 
footechCommented:
The first thing I would check is the shared secret.  Make a new one and paste it into the config of both your NPS and NAS (WAP).
0
 
footechCommented:
Also, I believe you may run into issues authenticating wireless clients with your Network Policy, specifically with the attribute Service-Type: Login.  I believe this should only be set on a policy that you are configuring to handle authentication requests to login to the RADIUS client (i.e. WAP).
0
 
awilderbeastAuthor Commented:
ok ive checked the shared secrets they definitely match
Ive removed service-tye:login from the radius server, im still getting the same error though

any ideas?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
awilderbeastAuthor Commented:
Hold that, its working, i changed the radius key, i had a $ in the password, removed that and it works!

thanks
0
 
awilderbeastAuthor Commented:
no $ in password was needed
0
 
footechCommented:
Glad you got it working.
I've never seen that as a requirement.  I know NPS supports the $ character.  I wonder if it's a limitation of your RADIUS client.  I haven't seen any mention of it in Cisco docs.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now