Home / Q&A
Follow via:
RSS
Email Alert
Question
0 Votes
+ -

PEAP authentication failed

Hello,


Thank you for the excellent Ultimate wireless security guide but I've no success with it wink

To make tests, I'm using an new Aironet 1242 and a Cisco pci wireless card.

I usually use and configure Cisco devices and I know the Win2k3 domain environnement.

In the debugs on the access-point, I see "station authentication failed". And what I find that it's also strange is the fact that nothing appears in the event viewer of the Win2k3 server (I'm sure of the communication between the ap and the server of course).

An idea ?

Thank you,

Alain
Tags: networking, wireless peap
info@...
21st Jan 2007
Answer the Question

Answers (5)

Preferences
0 Votes
+ -
Did you solve this ?
Hi, I am rolling out a solution with exactly the same unit (1242G) and experience the same problem. "station authentication failed". And nothing shows in the log files for ias or any other place on the 2003 server. If you found a solution please point me in the right direction here, i am banging my head into the wall....

Kjell
kjell.braten@...
Updated - 4th Jun 2007

Replies

Hi,
With reference to your posting regarding the Authication failure on 1242AG, I was just wondering if you had any luck with it because I'm facing exactly the same problem and have had no luck in finding a solution. Any tips would be highly appreciated.

Thanks,

Juzar
JZaveri@... 21st Jan 2008
I need more than just authentication failed from you. What is your setup like? DHCP? any other routers in between the wireless and the Radius server. If so, make sure the correct ports are open for authentication and accounting. or is it a direct connection to the server?
are you broadcasting the SSID? Are you using a certificate? If so is it installed on the client computers? There are many reasons for authentication errors.
Leo@... 23rd Jan 2008
Thank you for your response.
Intentions are to use a CA certificate for PEAP authentication. Following is what I have done so far:
1) Installed Microsoft CA
2) Created root/server certificates
3) Ensured that the certificates are replicated to my servers (Domain Controllers)
4) Installed IAS on my DCs
5) Configured a profile to use PEAP as the authentication.
6) Added the Cisco AP in IAS to act as a Radius Client.
7) Configured the "Radius Server" on my Cisco 1241 Access point (setup shared secret, etc.)
8) Ensured that the certificates are deployed to the workstations.

The above configuration has been done to establish wireless connectivity for a wireless client.

Additionally:
1) SSID is not broadcasted
2) There are no routers between the AP and the Radius Server.
3) DHCP is used for the client PCs

Thank you once again for your time and assistance.

Juzar Zaveri
JZaveri@... 31st Jan 2008
Believe it or not. My setup would not work either untill i broadcasted the ssid on the ap. I dont realy care about broadcasting the ssid because it does not pose a security risk. And it if you hide it, it can still be sniffed out by software so it does not matter. That might just do it.
Good luck. By the way, did you configure a Wifi policy for your environment. Not that it's mandatory but it makes it easy to deploy to clients on the domain. Make sure windows in managing the wifi on the computer and not third party software.
Dont overlook the obviouse, make sure wireless zero config service in turned on.

Good luck.
Leo
Leo@... 31st Jan 2008
0 Votes
+ -
I'm in the same boat
Hi,
I also read the guide several times now. I used to only use WEP so I wanted to look for a better way to secure my AP's with minimal user interaction required. Needless to say I cant get this PEAP to work. Maybe you can give me some suggestions becuase I dont even get any attemps logged into the Cisco AP event viewer. I'm pretty sure the problem lies in the AP config because the server side is was pretty easy to setup. I dont feel like there is anything happening between the AP and the windows2k3 RADIUS server. Do you know if I have to open any ports on the windows firewall?

Thanks,
Leo
any suggestions would be appreciated.
Leo@...
6th Nov 2007

Replies

And I bet you can do the same in the newer hardware. It takes a bit of time to configure, but on the screen where you setup logging, you can allocate memory to do packet capture, then do a total sniffer-like packet capture in the AP.

This is invaluable when troubleshooting authentication problems. I used it years ago to show an (arrogant) server admin that the FTP problem was HIS server being misconfigured, not my WLAN APs.
robo_dev 23rd Jan 2008
0 Votes
+ -
PEAP authentication failed (Cisco 1200 vs Win2k3)
Hi, I have same problem. I think its the Win2k3. I used WPA authentication. Followed the guide but no luck. Do anyone have an answer
Cheers,
Maddy
dmmchowdary@...
7th Nov 2007
0 Votes
+ -
Sorry, mis-post...
?

Edit: Maybe you could bug George Ou over ar ZDNet about this. Who knows?
seanferd
Updated - 21st Jan 2008
0 Votes
+ -
Event log
Your Windows 2K3 RADIUS server, system event log should show the error if the wireless router is setup correctly.
I would disable any firewall just to help determine the real cause.
Leo@...
22nd Jan 2008
Answer the question
Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

Join the TechRepublic Community and join the conversation! Signing-up is free and quick, Do it now, we want to hear your opinion.

Join Login

Keep Up with TechRepublic

Discover more newsletters

Follow us however you choose!

Media Gallery

View All

Hot Discussions

Start a Discussion
View All

Hot Questions

Ask a Question