NPS An Access-Request message was received from RADIUS client with a message authenticator attribute that is not valid.

Hi all,

Im trying to authenticate wireless clients using EAP-TLS, ive got the access-point to send the authentication message to the RADIUS server and have captured the packets (see pic) but the radius server is throwing an error

"An Access-Request message was received from RADIUS client x.x.x.x with a message authenticator attribute that is not valid."

Ive attached screens of my polices and my wireless profile, pretty much everything i can think of, hopefully someone can point me in the right direction.

Thanks
profile.PNG
settings.PNG
settings.PNG
wire.PNG
client.PNG
Connection-Reqs.PNG
Network-Pol.PNG
LVL 1
awilderbeastAsked:
Who is Participating?
 
footechConnect With a Mentor Commented:
The first thing I would check is the shared secret.  Make a new one and paste it into the config of both your NPS and NAS (WAP).
0
 
footechCommented:
Also, I believe you may run into issues authenticating wireless clients with your Network Policy, specifically with the attribute Service-Type: Login.  I believe this should only be set on a policy that you are configuring to handle authentication requests to login to the RADIUS client (i.e. WAP).
0
 
awilderbeastAuthor Commented:
ok ive checked the shared secrets they definitely match
Ive removed service-tye:login from the radius server, im still getting the same error though

any ideas?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
awilderbeastAuthor Commented:
Hold that, its working, i changed the radius key, i had a $ in the password, removed that and it works!

thanks
0
 
awilderbeastAuthor Commented:
no $ in password was needed
0
 
footechCommented:
Glad you got it working.
I've never seen that as a requirement.  I know NPS supports the $ character.  I wonder if it's a limitation of your RADIUS client.  I haven't seen any mention of it in Cisco docs.
0
All Courses

From novice to tech pro — start learning today.