|
Home > Archive > Radius Server > October 2006 > 802.1x Authentication fails after FW upgrade
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
802.1x Authentication fails after FW upgrade
|
|
| Johan Rydin 2006-10-04, 7:33 am |
| Hi!
We have a wireless network with HP 420 Access Points. We're using PEAP with
computer certificates and clients are controlled by group polices.
Everything was working fine until I updated the firmware to 2.1.5. The
computers would not authenticate and I received the following error in the
eventlog.
Access request for user host/xxxx.domain.com was discarded.
Fully-Qualified-User-Name = domain.com/OU/OU/XXXX
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Identifier = MYHPAP
Called-Station-Identifier = 001234567890
Calling-Station-Identifier = 002345678901
Client-Friendly-Name = MYHPAP
Client-IP-Address = xxx.xxx.xxx.xxx
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 97
Reason = The authentication request was not processed because it contained
a Remote Authentication Dial-In User Service (RADIUS) message that was not
appropriate for the secure authentication transaction.
If I roll back to the previous firmware (2.1.2) it's working fine again,
however there are some new fixes and features in the new FW that I would
like to use.
The changelog specifies the following:
Authentication - An extra 8-byte data pad exists within first EAPOL Key
packet from the access point to a client during a WPA 4-way key exchange
process. (18-01177)
This is the most likely change to cause the problem.
Anyone experience the same problem or know how to resolve it?
Best regards,
Johan Rydin
| |
| Johan Rydin 2006-10-18, 7:27 am |
| Nevermind, we got an update from HP (debug release) which resolved the
issue.
We still don't know why 2.1.5 didn't work though.
"Johan Rydin" <j_rydin@hotmail.com> wrote in message
news:e%23u2Yn55GHA.2208@TK2MSFTNGP04.phx.gbl...
> Hi!
>
> We have a wireless network with HP 420 Access Points. We're using PEAP
> with computer certificates and clients are controlled by group polices.
> Everything was working fine until I updated the firmware to 2.1.5. The
> computers would not authenticate and I received the following error in the
> eventlog.
>
> Access request for user host/xxxx.domain.com was discarded.
> Fully-Qualified-User-Name = domain.com/OU/OU/XXXX
> NAS-IP-Address = xxx.xxx.xxx.xxx
> NAS-Identifier = MYHPAP
> Called-Station-Identifier = 001234567890
> Calling-Station-Identifier = 002345678901
> Client-Friendly-Name = MYHPAP
> Client-IP-Address = xxx.xxx.xxx.xxx
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 1
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Reason-Code = 97
> Reason = The authentication request was not processed because it contained
> a Remote Authentication Dial-In User Service (RADIUS) message that was not
> appropriate for the secure authentication transaction.
>
> If I roll back to the previous firmware (2.1.2) it's working fine again,
> however there are some new fixes and features in the new FW that I would
> like to use.
>
> The changelog specifies the following:
> Authentication - An extra 8-byte data pad exists within first EAPOL Key
> packet from the access point to a client during a WPA 4-way key exchange
> process. (18-01177)
>
> This is the most likely change to cause the problem.
>
> Anyone experience the same problem or know how to resolve it?
>
>
> Best regards,
> Johan Rydin
>
|
|
|
|
|