id="info"

Question

Locked

PEAP authentication failed

By info ·
Hello,


Thank you for the excellent Ultimate wireless security guide but I've no success with it ;-)

To make tests, I'm using an new Aironet 1242 and a Cisco pci wireless card.

I usually use and configure Cisco devices and I know the Win2k3 domain environnement.

In the debugs on the access-point, I see "station authentication failed". And what I find that it's also strange is the fact that nothing appears in the event viewer of the Win2k3 server (I'm sure of the communication between the ap and the server of course).

An idea ?

Thank you,

Alain

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Did you solve this ?

by kjell.braten In reply to PEAP authentication faile ...

Hi, I am rolling out a solution with exactly the same unit (1242G) and experience the same problem. "station authentication failed". And nothing shows in the log files for ias or any other place on the 2003 server. If you found a solution please point me in the right direction here, i am banging my head into the wall....

Kjell

Collapse -

PEAP Authentication

by JZaveri In reply to Did you solve this ?

Hi,
With reference to your posting regarding the Authication failure on 1242AG, I was just wondering if you had any luck with it because I'm facing exactly the same problem and have had no luck in finding a solution. Any tips would be highly appreciated.

Thanks,

Juzar

Collapse -

More info requested

by Leo In reply to PEAP Authentication

I need more than just authentication failed from you. What is your setup like? DHCP? any other routers in between the wireless and the Radius server. If so, make sure the correct ports are open for authentication and accounting. or is it a direct connection to the server?
are you broadcasting the SSID? Are you using a certificate? If so is it installed on the client computers? There are many reasons for authentication errors.

Collapse -

Wireless Authentication

by JZaveri In reply to More info requested

Thank you for your response.
Intentions are to use a CA certificate for PEAP authentication. Following is what I have done so far:
1) Installed Microsoft CA
2) Created root/server certificates
3) Ensured that the certificates are replicated to my servers (Domain Controllers)
4) Installed IAS on my DCs
5) Configured a profile to use PEAP as the authentication.
6) Added the Cisco AP in IAS to act as a Radius Client.
7) Configured the "Radius Server" on my Cisco 1241 Access point (setup shared secret, etc.)
Ensured that the certificates are deployed to the workstations.

The above configuration has been done to establish wireless connectivity for a wireless client.

Additionally:
1) SSID is not broadcasted
2) There are no routers between the AP and the Radius Server.
3) DHCP is used for the client PCs

Thank you once again for your time and assistance.

Juzar Zaveri

Collapse -

Enable ssid broadcast on cisco ap

by Leo In reply to Wireless Authentication

Believe it or not. My setup would not work either untill i broadcasted the ssid on the ap. I dont realy care about broadcasting the ssid because it does not pose a security risk. And it if you hide it, it can still be sniffed out by software so it does not matter. That might just do it.
Good luck. By the way, did you configure a Wifi policy for your environment. Not that it's mandatory but it makes it easy to deploy to clients on the domain. Make sure windows in managing the wifi on the computer and not third party software.
Dont overlook the obviouse, make sure wireless zero config service in turned on.

Good luck.
Leo

Collapse -

I'm in the same boat

by Leo In reply to PEAP authentication faile ...

Hi,
I also read the guide several times now. I used to only use WEP so I wanted to look for a better way to secure my AP's with minimal user interaction required. Needless to say I cant get this PEAP to work. Maybe you can give me some suggestions becuase I dont even get any attemps logged into the Cisco AP event viewer. I'm pretty sure the problem lies in the AP config because the server side is was pretty easy to setup. I dont feel like there is anything happening between the AP and the windows2k3 RADIUS server. Do you know if I have to open any ports on the windows firewall?

Thanks,
Leo
any suggestions would be appreciated.

Collapse -

In the Cisco 350 AP you can do full packet capture

by robo_dev In reply to I'm in the same boat

And I bet you can do the same in the newer hardware. It takes a bit of time to configure, but on the screen where you setup logging, you can allocate memory to do packet capture, then do a total sniffer-like packet capture in the AP.

This is invaluable when troubleshooting authentication problems. I used it years ago to show an (arrogant) server admin that the FTP problem was HIS server being misconfigured, not my WLAN APs.

Collapse -

PEAP authentication failed (Cisco 1200 vs Win2k3)

by dmmchowdary In reply to PEAP authentication faile ...

Hi, I have same problem. I think its the Win2k3. I used WPA authentication. Followed the guide but no luck. Do anyone have an answer
Cheers,
Maddy

Collapse -

Sorry, mis-post...

by seanferd In reply to PEAP authentication faile ...

?

Edit: Maybe you could bug George Ou over ar ZDNet about this. Who knows?

Collapse -

Event log

by Leo In reply to PEAP authentication faile ...

Your Windows 2K3 RADIUS server, system event log should show the error if the wireless router is setup correctly.
I would disable any firewall just to help determine the real cause.

Back to Networks Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Hardware Forums