Tom Beck

Connect Mac OS X wirelessly to Windows Server 2003 RADIUS server.

I have several Macs on a Windows domain. Domain controller is Server 2003 Standard Edition SP2. Macs are a mix of OS X Mavericks and Yosemite. All Macs are joined to the Windows domain.

I've recently set up the RADIUS server so this is my first attempt at getting this type of wireless working on this network.

Server 2003:
Internet Authentication Service (IAS) is installed as well as Certificate Services. Self-signed certificate in place.
I have a Security Group for Wireless users that includes all domain users and domain computers. My laptop shows up in the list of computers.
In IAS I have a Remote Access Policy that includes the Wireless Security Group
I have added the Netgear wireless AP to the RADIUS Clients, its IP address and Shared Secret.
IAS ports are the default 1812, 1645
The laptop I am testing from is a MacBook Pro with Yosemite.

Netgear WNDR3700:
Router is set up in AP mode. WAN and LAN setting links now grayed out of course. Static IP assigned to the router that matches a reserve on the DHCP server.
Both 2.4GHz and 5GHz bands set to WPA/WPA2 Enterprise, RADIUS server ip matches the RADIUS server, port 1812, Shared Secret typed in.
I also set up a guest network if that matters.

When I attempt a wireless connection, the laptop connects to the router, I'm presented with a Username/Password login which I would expect. I enter the creds, the wheel spins then: Authentication server not responding.
What am I missing?

B.T.W., I can connect to the guest network wirelessly using basic WPA2 security and a passphrase. I currently have a static IP on the main network's subnet on the wireless adapter on my laptop.

So I'm thinking I missed something on the RADIUS server configuration.
Wireless Networking, Windows Server 2003, Mac OS X

Last Comment
Tom Beck

8/22/2022 - Mon
Chris H

Can you try hard-coding an IP on one of the adapters and re-test connectivity?  Possible slow DHCP response poisoning your gateway address?
Craig Beck

Does your client trust the IAS self-signed certificate?  Have you imported it into your Mac?
Tom Beck

ASKER
I currently have hard coded IP and DNS on the adapter on my laptop.

Import the self-signed certificate? Had not considered that. Does that explain the message "unresponsive"?

I'm away from the site until Monday, but I appreciate the suggestions.
Craig Beck

It may do.

Authentication happens before IP connectivity is established so whether you have an IP address or not is completely irrelevant.
Tom Beck

ASKER
Not making any progress on this. I imported the server certificate into the OS X keychain and set to "always trust". Still getting "The authentication server is unresponsive". I don't see any indication on the server that it is even getting a request for authentication. I have all logging turned on. No events appear on the firewall when I attempt to connect wirelessly to the server.
Craig Beck

Does a different type of device connect without a problem?
Tom Beck

ASKER
Like a Windows laptop for example? I can bring one in tomorrow.

The Wireless Policy I created on the IAS server includes Domain Users and Domain Computers. Does that mean one or the other or does it have to be both, domain user using a domain computer?
Craig Beck

In the policy it depends how you do it.

If you set one condition to contain Domain Users, then add another separate condition in that policy to include Domain Users, you need to be in both groups, so that will mean AND.

If you set one condition in the policy to contain both Users and Computers, that will mean OR.

Get what I mean?
Tom Beck

ASKER
Yes. I have both in one policy.

Trying Wireshark now to see if I can tell what's happening.
Tom Beck

ASKER
From Wireshark, it looks like it never makes any requests to the IAS server for authentication after I hit the "Join" button. Yet I know on the Netgear that I have the IAS server ip address as the RADIUS server.
ASKER CERTIFIED SOLUTION
Craig Beck

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Tom Beck

ASKER
Tried from a Windows 7 laptop, still nothing. The access point does not even seem to be aware of the network although its static ip is on the same subnet. There's no evidence of any communication with the RADIUS server when I hit the Join button after entering my credentials.

The idea does not deserve any more of my time. I am abandoning it. Thanks for the suggestions. Awarding points for that.
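
The thread never establishes whether the IAS server answers RADIUS at all, since no request from the access point was ever seen. The following is an added example, not part of any post above: it builds an RFC 2865 Access-Request and verifies the reply, so the server and shared secret can be tested without the access point. It assumes the machine running it has been added to IAS as a RADIUS client with the same shared secret; the function names and all arguments are hypothetical.

```python
import hashlib, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, authenticator):
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    """Code, identifier, length, 16-byte Request Authenticator, then attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(1, user.encode())                          # User-Name
             + _attr(2, hide_password(password.encode(), secret, authenticator))
             + _attr(4, socket.inet_aton(nas_ip)))            # NAS-IP-Address
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def check_response(reply, request, secret):
    """Return the reply code if identifier and Response Authenticator verify, else None."""
    if len(reply) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1] or length != len(reply):
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return code if expected == reply[4:20] else None

def probe(server, secret, user, password, nas_ip, port=1812, timeout=3.0):
    """Send one Access-Request and classify the outcome for troubleshooting."""
    request = build_access_request(user, password, secret, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply: blocked path, wrong port, or sender not a configured RADIUS client"
    code = check_response(reply, request, secret)
    if code is None:
        return "reply failed verification: likely shared secret mismatch"
    return {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(code, f"code {code}")
```

A verified Access-Reject still shows that the server is reachable on UDP 1812 and that the shared secret matches, which points the fault at the access point. The shared secret is passed as bytes.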