NPS An Access-Request message was received from RADIUS client with a message authenticator attribute that is not valid.

Hi all,

Im trying to authenticate wireless clients using EAP-TLS, ive got the access-point to send the authentication message to the RADIUS server and have captured the packets (see pic) but the radius server is throwing an error

"An Access-Request message was received from RADIUS client x.x.x.x with a message authenticator attribute that is not valid."

Ive attached screens of my polices and my wireless profile, pretty much everything i can think of, hopefully someone can point me in the right direction.

Thanks
profile.PNG
settings.PNG
settings.PNG
wire.PNG
client.PNG
Connection-Reqs.PNG
Network-Pol.PNG
LVL 1
awilderbeastAsked:
Who is Participating?
 
footechCommented:
The first thing I would check is the shared secret.  Make a new one and paste it into the config of both your NPS and NAS (WAP).
0
 
footechCommented:
Also, I believe you may run into issues authenticating wireless clients with your Network Policy, specifically with the attribute Service-Type: Login.  I believe this should only be set on a policy that you are configuring to handle authentication requests to login to the RADIUS client (i.e. WAP).
0
 
awilderbeastAuthor Commented:
ok ive checked the shared secrets they definitely match
Ive removed service-tye:login from the radius server, im still getting the same error though

any ideas?
0
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

 
awilderbeastAuthor Commented:
Hold that, its working, i changed the radius key, i had a $ in the password, removed that and it works!

thanks
0
 
awilderbeastAuthor Commented:
no $ in password was needed
0
 
footechCommented:
Glad you got it working.
I've never seen that as a requirement.  I know NPS supports the $ character.  I wonder if it's a limitation of your RADIUS client.  I haven't seen any mention of it in Cisco docs.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.