Solved

RADIUS Server Authentication Issue

Posted on 2014-04-03
1
441 Views
Last Modified: 2014-05-01
Hello,

We currently have Meraki wireless between several of our facilities. For our private network, we have laptops authenticating against a MS RADIUS server that sits in our data center.

What we are attempting to accomplish is to be able to take a brand new laptop, straight out of the box, and connect to our private network. When we try to connect, it prompts us for our windows credentials, which it should. Upon entering them, it simply states cannot connect and asks you to retry. This will continue to happen until the client is physically plugged into the LAN and connected to the domain.

Every client we have tried this on has reported the error below:

The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, no data in the certificate can be validated. The SSL connection request failed.

The certificate is a self-signed cert. However I have tried using a registered certificate as well but to no avail.

I have tried importing the certificate directly into the client and it still doesn't authenticate correctly. If I bypass the cert, in the connection settings of the client it connects without any issues since there is no certificate to validate (naturally).


On the RADIUS server itself, we have two options configured for allowing connections to the server.

- domain users group is allow, which every domain user is in.
- 802.xx connections are allow for network adapters.

There may be an underlining issue I am missing here with the two above groups. Any advice on this situation would be greatly appreciated.

Thank you!
0
Comment
Question by:victory2201
1 Comment
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39977846
So it sounds like you are using PEAP authentication with MSChapV2.  So without modifying the connection to not worry about the certificate, you really only have one option, and that is to use a certificate on the RADIUS server that is issued by a public CA that the client already trusts.  I would venture to guess that the reason it works after connecting to the LAN and joining the domain is because you have a group policy that is deploying the cert as trusted.
See here for a list of requirements for the certificate on a NPS (i.e. Server 2008+ RADIUS).
http://technet.microsoft.com/library/cc731363.aspx
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question