Solved

RADIUS Server Authentication Issue

Posted on 2014-04-03
1
437 Views
Last Modified: 2014-05-01
Hello,

We currently have Meraki wireless between several of our facilities. For our private network, we have laptops authenticating against a MS RADIUS server that sits in our data center.

What we are attempting to accomplish is to be able to take a brand new laptop, straight out of the box, and connect to our private network. When we try to connect, it prompts us for our windows credentials, which it should. Upon entering them, it simply states cannot connect and asks you to retry. This will continue to happen until the client is physically plugged into the LAN and connected to the domain.

Every client we have tried this on has reported the error below:

The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, no data in the certificate can be validated. The SSL connection request failed.

The certificate is a self-signed cert. However I have tried using a registered certificate as well but to no avail.

I have tried importing the certificate directly into the client and it still doesn't authenticate correctly. If I bypass the cert, in the connection settings of the client it connects without any issues since there is no certificate to validate (naturally).


On the RADIUS server itself, we have two options configured for allowing connections to the server.

- domain users group is allow, which every domain user is in.
- 802.xx connections are allow for network adapters.

There may be an underlining issue I am missing here with the two above groups. Any advice on this situation would be greatly appreciated.

Thank you!
0
Comment
Question by:victory2201
1 Comment
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
So it sounds like you are using PEAP authentication with MSChapV2.  So without modifying the connection to not worry about the certificate, you really only have one option, and that is to use a certificate on the RADIUS server that is issued by a public CA that the client already trusts.  I would venture to guess that the reason it works after connecting to the LAN and joining the domain is because you have a group policy that is deploying the cert as trusted.
See here for a list of requirements for the certificate on a NPS (i.e. Server 2008+ RADIUS).
http://technet.microsoft.com/library/cc731363.aspx
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now