|
Home > Archive > Radius Server > October 2004 > ias 802.1x
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hello,
Attempting to configure 802.1x with IAS running on 2000. It seems to work on
the one 2000 Laptop we have (well, it gets an IP), but none of the XP ones
want to get one, and just end up with apipa addresses. Heres the Log from
IASSAM.log. I've tried various authentication methods and protocls, and they
all seem to do the following. The one below is using certificates. I'am
assuming after "Issuing Access-Challenge." somtheing else should happen? It
seems to wait 30 seconds and then repeat.
[7944] 10:10:52:521: NT-SAM Names handler received request with user
identity domain\user
[7944] 10:10:52:521: Username is already an NT4 account name.
[7944] 10:10:52:521: SAM-Account-Name is "DOMAIN\userr".
[7944] 10:10:52:521: NT-SAM Authentication handler received request for
DOMAIN\user.
[7944] 10:10:52:521: No SAM credentials found. Checking account restrictions
and computing groups manually.
[7944] 10:10:52:521: Sending LDAP search to domain.co.uk.
[7944] 10:10:52:521: Successfully processed account.
[7944] 10:10:52:521: NT-SAM User Authorization handler received request for
DOMAIN\user.
[7944] 10:10:52:521: Using downlevel dial-in parameters.
[7944] 10:10:52:521: Sending LDAP search to domain.co.uk.
[7944] 10:10:52:521: Inserting attribute msNPAllowDialin.
[7944] 10:10:52:521: Successfully retrieved per-user attributes.
[7944] 10:10:52:521: NT-SAM EAP handler received request.
[7944] 10:10:52:521: No State attribute present. Creating new session.
[7944] 10:10:52:521: Successfully created new session for user DOMAIN\user.
[7944] 10:10:52:521: Setting max. packet length to 1376.
[7944] 10:10:52:521: Processing output from EAP DLL.
[7944] 10:10:52:521: Inserting outbound EAP-Message of length 6.
[7944] 10:10:52:521: Issuing Access-Challenge.
[My gap]
[7224] 10:11:22:521: NT-SAM Names handler received request with user
identity domain\user.
[7224] 10:11:22:521: Username is already an NT4 account name.
[7224] 10:11:22:521: SAM-Account-Name is "DOMAIN\user".
[7224] 10:11:22:521: NT-SAM Authentication handler received request for
DOMAIN\user.
[7224] 10:11:22:521: No SAM credentials found. Checking account restrictions
and computing groups manually.
[7224] 10:11:22:521: Sending LDAP search to domain.co.uk.
[7224] 10:11:22:521: Successfully processed account.
[7224] 10:11:22:521: NT-SAM User Authorization handler received request for
DOMAIN\user.
[7224] 10:11:22:521: Using downlevel dial-in parameters.
[7224] 10:11:22:521: Sending LDAP search to domain.co.uk.
[7224] 10:11:22:521: Inserting attribute msNPAllowDialin.
[7224] 10:11:22:521: Successfully retrieved per-user attributes.
[7224] 10:11:22:521: NT-SAM EAP handler received request.
[7224] 10:11:22:521: No State attribute present. Creating new session.
[7224] 10:11:22:521: Successfully created new session for user DOMAIN\user.
[7224] 10:11:22:521: Setting max. packet length to 1376.
[7224] 10:11:22:521: Processing output from EAP DLL.
[7224] 10:11:22:521: Inserting outbound EAP-Message of length 6.
[7224] 10:11:22:521: Issuing Access-Challenge.
Thanks for any help / tips!
Barry
| |
|
| i lied. It doesn't work with the 2000 laptop either
| |
| Sam Salhi [MSFT] 2004-10-15, 9:25 pm |
| Looks like you have a major configuration issues
Please refer to http://www.microsoft.com/wifi and follow the steps on how to
setup your IAS server
--
========================================
=====
This posting is provided "AS IS" with no warranties, and confers no
rights.
========================================
=====
"barry" <bmercer@bnota.tk.com> wrote in message
news:416e3a9e$1@news.star.co.uk...
> Hello,
>
> Attempting to configure 802.1x with IAS running on 2000. It seems to work
> on the one 2000 Laptop we have (well, it gets an IP), but none of the XP
> ones want to get one, and just end up with apipa addresses. Heres the Log
> from IASSAM.log. I've tried various authentication methods and protocls,
> and they all seem to do the following. The one below is using
> certificates. I'am assuming after "Issuing Access-Challenge." somtheing
> else should happen? It seems to wait 30 seconds and then repeat.
>
>
> [7944] 10:10:52:521: NT-SAM Names handler received request with user
> identity domain\user
> [7944] 10:10:52:521: Username is already an NT4 account name.
> [7944] 10:10:52:521: SAM-Account-Name is "DOMAIN\userr".
> [7944] 10:10:52:521: NT-SAM Authentication handler received request for
> DOMAIN\user.
> [7944] 10:10:52:521: No SAM credentials found. Checking account
> restrictions and computing groups manually.
> [7944] 10:10:52:521: Sending LDAP search to domain.co.uk.
> [7944] 10:10:52:521: Successfully processed account.
> [7944] 10:10:52:521: NT-SAM User Authorization handler received request
> for DOMAIN\user.
> [7944] 10:10:52:521: Using downlevel dial-in parameters.
> [7944] 10:10:52:521: Sending LDAP search to domain.co.uk.
> [7944] 10:10:52:521: Inserting attribute msNPAllowDialin.
> [7944] 10:10:52:521: Successfully retrieved per-user attributes.
> [7944] 10:10:52:521: NT-SAM EAP handler received request.
> [7944] 10:10:52:521: No State attribute present. Creating new session.
> [7944] 10:10:52:521: Successfully created new session for user
> DOMAIN\user.
> [7944] 10:10:52:521: Setting max. packet length to 1376.
> [7944] 10:10:52:521: Processing output from EAP DLL.
> [7944] 10:10:52:521: Inserting outbound EAP-Message of length 6.
> [7944] 10:10:52:521: Issuing Access-Challenge.
> [My gap]
> [7224] 10:11:22:521: NT-SAM Names handler received request with user
> identity domain\user.
> [7224] 10:11:22:521: Username is already an NT4 account name.
> [7224] 10:11:22:521: SAM-Account-Name is "DOMAIN\user".
> [7224] 10:11:22:521: NT-SAM Authentication handler received request for
> DOMAIN\user.
> [7224] 10:11:22:521: No SAM credentials found. Checking account
> restrictions and computing groups manually.
> [7224] 10:11:22:521: Sending LDAP search to domain.co.uk.
> [7224] 10:11:22:521: Successfully processed account.
> [7224] 10:11:22:521: NT-SAM User Authorization handler received request
> for DOMAIN\user.
> [7224] 10:11:22:521: Using downlevel dial-in parameters.
> [7224] 10:11:22:521: Sending LDAP search to domain.co.uk.
> [7224] 10:11:22:521: Inserting attribute msNPAllowDialin.
> [7224] 10:11:22:521: Successfully retrieved per-user attributes.
> [7224] 10:11:22:521: NT-SAM EAP handler received request.
> [7224] 10:11:22:521: No State attribute present. Creating new session.
> [7224] 10:11:22:521: Successfully created new session for user
> DOMAIN\user.
> [7224] 10:11:22:521: Setting max. packet length to 1376.
> [7224] 10:11:22:521: Processing output from EAP DLL.
> [7224] 10:11:22:521: Inserting outbound EAP-Message of length 6.
> [7224] 10:11:22:521: Issuing Access-Challenge.
>
> Thanks for any help / tips!
>
> Barry
>
| |
|
| Sam Salhi [MSFT] wrote:
> Looks like you have a major configuration issues
> Please refer to http://www.microsoft.com/wifi and follow the steps on how to
> setup your IAS server
>
>
I was sure I did that  Weirdly it did work, then stopped (as things
often do)... so I don't know if someone has been messing. Not important.
Trash and try again then
Cheers
| |
|
| ok I give up, prod me in the right direction and what would cause it to time
out at that time as so far as I can see everything is set up fine. I've
double checked the CA, IAS and the clients... and I'm ahving huge troubles.
Help
"Sam Salhi [MSFT]" <samers@online.microsoft.com> wrote in message
news:OildoigsEHA.3320@TK2MSFTNGP15.phx.gbl...
> Looks like you have a major configuration issues
> Please refer to http://www.microsoft.com/wifi and follow the steps on how
> to setup your IAS server
>
>
> --
> ========================================
=====
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> ========================================
=====
>
| |
|
| Sorted, reinstalled IAS on a different server. I did reinstall it on the
curretn server, and it still wasnt working. All seem ok now!
Yay :D
"barry" <bmercer@bnota.tk.com> wrote in message
news:416fa1eb$1@news.star.co.uk...
> ok I give up, prod me in the right direction and what would cause it to
> time out at that time as so far as I can see everything is set up fine.
> I've double checked the CA, IAS and the clients... and I'm ahving huge
> troubles. Help
>
>
>
>
> "Sam Salhi [MSFT]" <samers@online.microsoft.com> wrote in message
> news:OildoigsEHA.3320@TK2MSFTNGP15.phx.gbl...
>
| |
| Sam Salhi [MSFT] 2004-10-18, 2:52 am |
| Happy to hear that
Please keep letting us know how things go with you
--
========================================
=====
This posting is provided "AS IS" with no warranties, and confers no
rights.
========================================
=====
"barry" <bmercer@bnota.tk.com> wrote in message
news:416fb14b$1@news.star.co.uk...
> Sorted, reinstalled IAS on a different server. I did reinstall it on the
> curretn server, and it still wasnt working. All seem ok now!
>
> Yay :D
>
>
> "barry" <bmercer@bnota.tk.com> wrote in message
> news:416fa1eb$1@news.star.co.uk...
>
>
|
|
|
|
|