I have a server that I am trying to setup RADIUS for
wireless clients. It is a small business, but as it is
healthcare we need a strong, and reliable
authentication protocol for our domain.
The trouble I am having is that the IAS logs this:
NAS-IP-Address : 192.168.0.1
User-Name : host/Tablet02.healthcare.opt
Record-Date : 10/24/2009
Record-Time : 10:22:10
Service-Name : IAS
Computer-Name : SERVER1
NAS-IP-Address : 192.168.0.1
Called-Station-Id : 0018f8434ad9
Calling-Station-Id : 001de0440f77
NAS-Identifier : 0018f8434ad9
NAS-Port : 60
Framed-MTU : 1400
NAS-Port-Type : Wireless - IEEE 802.11
Client-IP-Address : 192.168.0.1
Client-Vendor : RADIUS Standard
Client-Friendly-Name: Wireless N Router
Provider-Type : Windows
Proxy-Policy-Name : Use Windows authentication
for all users
Class : 311 1 192.168.0.3 10/24/2009
02:00:06 260
SAM-Account-Name : HEALTHCARE\TABLET02$
Authentication-Type : EAP
NP-Policy-Name : Wi-Fi Access
Fully-Qualifed-User-Name:
healthcare.opt/Health/Computers/Laptops/Optical/T
ABLET02
Packet-Type : Access-Request
Reason-Code : The operation completed
successfully.
The line logged into the file:
192.168.0.1,host/Tablet02.healthcare.opt,10/24
/2009,10:22:10,IAS,SERVER1,25,311 1 192.168.0.3
10/24/2009 02:00:06 260,4130,red
hawkvision.opt/Health/Computers/Laptops/Optical/TA
BLET02,4149,Wi-Fi Access,4127
,5,4129,HEALTHCARE\TABLET02$,4154,Use
Windows authentication for all users,41
55,1,4108,192.168.0.1,4116,0,4128,Wireless N
Router,4136,3,4142,65
NAS-IP-Address : 192.168.0.1
User-Name : host/Tablet02.healthcare.opt
Record-Date : 10/24/2009
Record-Time : 10:22:10
Service-Name : IAS
Computer-Name : SERVER1
Class : 311 1 192.168.0.3 10/24/2009
02:00:06 260
Fully-Qualifed-User-Name:
healthcare.opt/Health/Computers/Laptops/Optical/T
ABLET02
NP-Policy-Name : Wi-Fi Access
Authentication-Type : EAP
SAM-Account-Name : HEALTHCARE\TABLET02$
Proxy-Policy-Name : Use Windows authentication
for all users
Provider-Type : Windows
Client-IP-Address : 192.168.0.1
Client-Vendor : RADIUS Standard
Client-Friendly-Name: Wireless N Router
Packet-Type : Access-Reject
Reason-Code : The connection attempt failed
because remote access permi
ssion for the user account was denied. To allow
remote access, enable remote acc
ess permission for the user account, or, if the user
account specifies that acce
ss is controlled through the matching remote access
policy, enable remote access
permission for that remote access policy.
I have verified that my certs have propagated to the
tablets, the Wireless router appears to be working
correctly, registered the server in active directory,
etc… I am out of ideas. Does anyone have a clue
what is going on?
Also of note, I see, when I use wireshark on the client
1.)Initial Packet from Client to Wifi (EAPOL - Start)
2.) Request for identity from Wifi Router to Client (EAP - Request Identity)
3.) Response from Client with User Identity to router (EAP - Response, Identity)
then nothing further.
Thank you,
Drios
wireless clients. It is a small business, but as it is
healthcare we need a strong, and reliable
authentication protocol for our domain.
The trouble I am having is that the IAS logs this:
NAS-IP-Address : 192.168.0.1
User-Name : host/Tablet02.healthcare.opt
Record-Date : 10/24/2009
Record-Time : 10:22:10
Service-Name : IAS
Computer-Name : SERVER1
NAS-IP-Address : 192.168.0.1
Called-Station-Id : 0018f8434ad9
Calling-Station-Id : 001de0440f77
NAS-Identifier : 0018f8434ad9
NAS-Port : 60
Framed-MTU : 1400
NAS-Port-Type : Wireless - IEEE 802.11
Client-IP-Address : 192.168.0.1
Client-Vendor : RADIUS Standard
Client-Friendly-Name: Wireless N Router
Provider-Type : Windows
Proxy-Policy-Name : Use Windows authentication
for all users
Class : 311 1 192.168.0.3 10/24/2009
02:00:06 260
SAM-Account-Name : HEALTHCARE\TABLET02$
Authentication-Type : EAP
NP-Policy-Name : Wi-Fi Access
Fully-Qualifed-User-Name:
healthcare.opt/Health/Computers/Laptops/Optical/T
ABLET02
Packet-Type : Access-Request
Reason-Code : The operation completed
successfully.
The line logged into the file:
192.168.0.1,host/Tablet02.healthcare.opt,10/24
/2009,10:22:10,IAS,SERVER1,25,311 1 192.168.0.3
10/24/2009 02:00:06 260,4130,red
hawkvision.opt/Health/Computers/Laptops/Optical/TA
BLET02,4149,Wi-Fi Access,4127
,5,4129,HEALTHCARE\TABLET02$,4154,Use
Windows authentication for all users,41
55,1,4108,192.168.0.1,4116,0,4128,Wireless N
Router,4136,3,4142,65
NAS-IP-Address : 192.168.0.1
User-Name : host/Tablet02.healthcare.opt
Record-Date : 10/24/2009
Record-Time : 10:22:10
Service-Name : IAS
Computer-Name : SERVER1
Class : 311 1 192.168.0.3 10/24/2009
02:00:06 260
Fully-Qualifed-User-Name:
healthcare.opt/Health/Computers/Laptops/Optical/T
ABLET02
NP-Policy-Name : Wi-Fi Access
Authentication-Type : EAP
SAM-Account-Name : HEALTHCARE\TABLET02$
Proxy-Policy-Name : Use Windows authentication
for all users
Provider-Type : Windows
Client-IP-Address : 192.168.0.1
Client-Vendor : RADIUS Standard
Client-Friendly-Name: Wireless N Router
Packet-Type : Access-Reject
Reason-Code : The connection attempt failed
because remote access permi
ssion for the user account was denied. To allow
remote access, enable remote acc
ess permission for the user account, or, if the user
account specifies that acce
ss is controlled through the matching remote access
policy, enable remote access
permission for that remote access policy.
I have verified that my certs have propagated to the
tablets, the Wireless router appears to be working
correctly, registered the server in active directory,
etc… I am out of ideas. Does anyone have a clue
what is going on?
Also of note, I see, when I use wireshark on the client
1.)Initial Packet from Client to Wifi (EAPOL - Start)
2.) Request for identity from Wifi Router to Client (EAP - Request Identity)
3.) Response from Client with User Identity to router (EAP - Response, Identity)
then nothing further.
Thank you,
Drios