Solved

RADIUS Server Authentication Issue

Posted on 2014-04-03
1
439 Views
Last Modified: 2014-05-01
Hello,

We currently have Meraki wireless between several of our facilities. For our private network, we have laptops authenticating against a MS RADIUS server that sits in our data center.

What we are attempting to accomplish is to be able to take a brand new laptop, straight out of the box, and connect to our private network. When we try to connect, it prompts us for our windows credentials, which it should. Upon entering them, it simply states cannot connect and asks you to retry. This will continue to happen until the client is physically plugged into the LAN and connected to the domain.

Every client we have tried this on has reported the error below:

The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, no data in the certificate can be validated. The SSL connection request failed.

The certificate is a self-signed cert. However I have tried using a registered certificate as well but to no avail.

I have tried importing the certificate directly into the client and it still doesn't authenticate correctly. If I bypass the cert, in the connection settings of the client it connects without any issues since there is no certificate to validate (naturally).


On the RADIUS server itself, we have two options configured for allowing connections to the server.

- domain users group is allow, which every domain user is in.
- 802.xx connections are allow for network adapters.

There may be an underlining issue I am missing here with the two above groups. Any advice on this situation would be greatly appreciated.

Thank you!
0
Comment
Question by:victory2201
1 Comment
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39977846
So it sounds like you are using PEAP authentication with MSChapV2.  So without modifying the connection to not worry about the certificate, you really only have one option, and that is to use a certificate on the RADIUS server that is issued by a public CA that the client already trusts.  I would venture to guess that the reason it works after connecting to the LAN and joining the domain is because you have a group policy that is deploying the cert as trusted.
See here for a list of requirements for the certificate on a NPS (i.e. Server 2008+ RADIUS).
http://technet.microsoft.com/library/cc731363.aspx
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Know what services you can and cannot, should and should not combine on your server.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now