Solved

RADIUS Server Authentication Issue

Posted on 2014-04-03
1
451 Views
Last Modified: 2014-05-01
Hello,

We currently have Meraki wireless between several of our facilities. For our private network, we have laptops authenticating against a MS RADIUS server that sits in our data center.

What we are attempting to accomplish is to be able to take a brand new laptop, straight out of the box, and connect to our private network. When we try to connect, it prompts us for our windows credentials, which it should. Upon entering them, it simply states cannot connect and asks you to retry. This will continue to happen until the client is physically plugged into the LAN and connected to the domain.

Every client we have tried this on has reported the error below:

The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, no data in the certificate can be validated. The SSL connection request failed.

The certificate is a self-signed cert. However I have tried using a registered certificate as well but to no avail.

I have tried importing the certificate directly into the client and it still doesn't authenticate correctly. If I bypass the cert, in the connection settings of the client it connects without any issues since there is no certificate to validate (naturally).


On the RADIUS server itself, we have two options configured for allowing connections to the server.

- domain users group is allow, which every domain user is in.
- 802.xx connections are allow for network adapters.

There may be an underlining issue I am missing here with the two above groups. Any advice on this situation would be greatly appreciated.

Thank you!
0
Comment
Question by:victory2201
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39977846
So it sounds like you are using PEAP authentication with MSChapV2.  So without modifying the connection to not worry about the certificate, you really only have one option, and that is to use a certificate on the RADIUS server that is issued by a public CA that the client already trusts.  I would venture to guess that the reason it works after connecting to the LAN and joining the domain is because you have a group policy that is deploying the cert as trusted.
See here for a list of requirements for the certificate on a NPS (i.e. Server 2008+ RADIUS).
http://technet.microsoft.com/library/cc731363.aspx
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every system administrator encounters once in while in a problem where the solution seems to be a needle in haystack.  My needle was an anti-virus version causing problems with my Exchange server. I have an HP DL350 with Windows Server 2008 Stand…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question