Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 453
  • Last Modified:

RADIUS Server Authentication Issue

Hello,

We currently have Meraki wireless between several of our facilities. For our private network, we have laptops authenticating against a MS RADIUS server that sits in our data center.

What we are attempting to accomplish is to be able to take a brand new laptop, straight out of the box, and connect to our private network. When we try to connect, it prompts us for our windows credentials, which it should. Upon entering them, it simply states cannot connect and asks you to retry. This will continue to happen until the client is physically plugged into the LAN and connected to the domain.

Every client we have tried this on has reported the error below:

The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, no data in the certificate can be validated. The SSL connection request failed.

The certificate is a self-signed cert. However I have tried using a registered certificate as well but to no avail.

I have tried importing the certificate directly into the client and it still doesn't authenticate correctly. If I bypass the cert, in the connection settings of the client it connects without any issues since there is no certificate to validate (naturally).


On the RADIUS server itself, we have two options configured for allowing connections to the server.

- domain users group is allow, which every domain user is in.
- 802.xx connections are allow for network adapters.

There may be an underlining issue I am missing here with the two above groups. Any advice on this situation would be greatly appreciated.

Thank you!
0
victory2201
Asked:
victory2201
1 Solution
 
footechCommented:
So it sounds like you are using PEAP authentication with MSChapV2.  So without modifying the connection to not worry about the certificate, you really only have one option, and that is to use a certificate on the RADIUS server that is issued by a public CA that the client already trusts.  I would venture to guess that the reason it works after connecting to the LAN and joining the domain is because you have a group policy that is deploying the cert as trusted.
See here for a list of requirements for the certificate on a NPS (i.e. Server 2008+ RADIUS).
http://technet.microsoft.com/library/cc731363.aspx
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now