Guest
Archived from groups: microsoft.public.windows.networking.wireless
Somewhere on the 'net I found instructions on setting up 802.1x
authentication with a 2000 server and XP clients, using EAP-TLS. I
followed them, they worked fine, no problems. Installed IAS and
certificate services on the server, configured the wireless access
point (a Linksys WRT54G), issued self-signed certs to the client and
the server, configured the client for wireless, and bam, it connects.
Then I thought, what a pain it will be to issue certs to all the
clients. All I should have to do is change the profile in IAS, change
the settings on the client, to both use PEAP-MSCHAP2, and that should
work, too, right? Wrong. When I try to connect, I get prompted to
enter a username/pw/domain (cleared the flag that says use the Windows
login settings). I do that, and it sits there forever trying to
connect. Ethereal traces on the ethernet show that the RADIUS server
never issues an accept, it just keeps sending out more challenges.
Why? What's failing here, and how do I fix it?
The problem is not that the username and pw are invalid; if you use an
invalid user, you are quickly prompted at the client to try another
password. So the server seems happy with the username/pw.
Anyone have any idea why EAP-TLS would work and PEAP in this setup, or
what other info can I look at to help figure this out?