Hello,

I'm having trouble to make my Wireless network work with IAS ans
PEAP-MSCHAPv2.

I made all the setup needed :
Active Directory
IAS Server with a correct certificate trusted by workstations
Wireless AP that support RADIUS (Linksys WAP54G)

My XP client try to authenticate but stay in that step for ever, and IAS
doest not complain about anything (nothing in event log and in radius log).

If I uncheck "use my logon credentials", It ask me for a credential :
- If I put  good credentials, it do the same (Autenticating for ever), with
no error in IAS event log
- If I put whatever, IAS say that the username is not good and Windows XP
ask me for new credentials after some time
- If I put a good username and a bad password, IAS say that password is bad
and XP ask me for a new one.

Do you know what could be my problem ?

Regards,

Laurent

[ Post a follow-up to this message ]

It seems like all components can talk. I think I've run into that problem
already.

You're sure XP trusts the CA that issue the server cert to IAS? That means
XP has the CA cert in its Trusted Root store
Also, did you explicitely trust the CA in the WZCSVC UI?



"Laurent H." <laurent.news@kally.net> wrote in message
news:4253ce1a$0$12226$626a14ce@news.free.fr...
> Hello,
>
> I'm having trouble to make my Wireless network work with IAS ans
> PEAP-MSCHAPv2.
>
> I made all the setup needed :
> Active Directory
> IAS Server with a correct certificate trusted by workstations
> Wireless AP that support RADIUS (Linksys WAP54G)
>
> My XP client try to authenticate but stay in that step for ever, and IAS
> doest not complain about anything (nothing in event log and in radius
log).
>
> If I uncheck "use my logon credentials", It ask me for a credential :
> - If I put  good credentials, it do the same (Autenticating for ever),
with
> no error in IAS event log
> - If I put whatever, IAS say that the username is not good and Windows XP
> ask me for new credentials after some time
> - If I put a good username and a bad password, IAS say that password is
bad
> and XP ask me for a new one.
>
> Do you know what could be my problem ?
>
> Regards,
>
> Laurent
>
>

[ Post a follow-up to this message ]

"Thomas K" <thomas@kuborn.be> a écrit dans le message de news:
4253d30b$0$44092$5fc3050@dreader2.news.tiscali.nl...
> It seems like all components can talk. I think I've run into that problem
> already.
>
> You're sure XP trusts the CA that issue the server cert to IAS? That means
> XP has the CA cert in its Trusted Root store



Hello, thanks for your response.
The Root CA is automatically added by active directory in the Trust root
store. If I open the Root CA certificate, it is shown valid and trusted.


> Also, did you explicitely trust the CA in the WZCSVC UI?
>

Sorry what WZCSVC UI mean ?

Regards,

Laurent

[ Post a follow-up to this message ]

When you right click on a network connection & go into its properties you
have an authentication tab
Hits "properties" again
You'll see a section "Trusted Root certification Authorities"
Try to enforce CA trust there & see if it helps.

Cheerio,

/T

"Laurent H." <laurent.news@kally.net> wrote in message
news:4253d541$0$12190$626a14ce@news.free.fr...
> "Thomas K" <thomas@kuborn.be> a écrit dans le message de news:
> 4253d30b$0$44092$5fc3050@dreader2.news.tiscali.nl... 
problem[vbcol=seagreen] 
means[vbcol=seagreen] 
>
>
>
> Hello, thanks for your response.
> The Root CA is automatically added by active directory in the Trust root
> store. If I open the Root CA certificate, it is shown valid and trusted.
>
> 
>
> Sorry what WZCSVC UI mean ?
>
> Regards,
>
> Laurent
>
>

[ Post a follow-up to this message ]

"Thomas K" <thomas@kuborn.be> a écrit dans le message de news:
4253dc1b$0$44098$5fc3050@dreader2.news.tiscali.nl...
> When you right click on a network connection & go into its properties you
> have an authentication tab
> Hits "properties" again
> You'll see a section "Trusted Root certification Authorities"
> Try to enforce CA trust there & see if it helps.
>
> Cheerio,
>
> /T

Unfortunately it does not.

Someone had the same problem : the problem was that his IAS was multihomed
like mine. But even with only one IP on the server, I still have the
problem.

So I definitely doesn't known what I can do to make it work. Very strange,
it seems that it is pretty much simple... I activated tracing, and
everything seems good (success, done, ok, chalenge ok etc).

I tried a XP SP1 and XP SP2... Nothing...

Regards,
Laurent

[ Post a follow-up to this message ]

"Laurent H." <laurent.news@kally.net>

> Hello,
>
> I'm having trouble to make my Wireless network work with IAS ans
> PEAP-MSCHAPv2.
>
> I made all the setup needed :
> Active Directory
> IAS Server with a correct certificate trusted by workstations
> Wireless AP that support RADIUS (Linksys WAP54G)
>
> My XP client try to authenticate but stay in that step for ever, and IAS
> doest not complain about anything (nothing in event log and in radius
> log).
>
> If I uncheck "use my logon credentials", It ask me for a credential :
> - If I put  good credentials, it do the same (Autenticating for ever),
> with no error in IAS event log
> - If I put whatever, IAS say that the username is not good and Windows XP
> ask me for new credentials after some time
> - If I put a good username and a bad password, IAS say that password is
> bad and XP ask me for a new one.
>
> Do you know what could be my problem ?
>
> Regards,
>
> Laurent
>

It seems my linksys WAP54G have problems comminicating with IAS for some
reason. I saw a lot of people say that it work but they all use Windows 2003
IAS whereas I'm using w2k...

I tested 2 workstations (XP SP1 and XP SP2), I tested even Intel Pro Set
wireless client, the result is the same : with a false user identify, the
connexion is logged an rejected in IAS, with a correct identity, nothing
happen, XP client pass "Verifying identity" step but block on
"authenticating" for ever...

How can I see the dialog between the NAS (linksys and IAS) ?

Regards,

Laurent

[ Post a follow-up to this message ]

Setup a network sniffer (I recommend ethereal) on IAS & capture UDP:1645 &
UDP:1812
http://www.ethereal.com/

Don't hesitate to post the capture file.

/T

> It seems my linksys WAP54G have problems comminicating with IAS for some
> reason. I saw a lot of people say that it work but they all use Windows
> 2003 IAS whereas I'm using w2k...
>
> I tested 2 workstations (XP SP1 and XP SP2), I tested even Intel Pro Set
> wireless client, the result is the same : with a false user identify, the
> connexion is logged an rejected in IAS, with a correct identity, nothing
> happen, XP client pass "Verifying identity" step but block on
> "authenticating" for ever...
>
> How can I see the dialog between the NAS (linksys and IAS) ?
>
> Regards,
>
> Laurent

[ Post a follow-up to this message ]

"Thomas K" <thomas@kuborn.be>
> Setup a network sniffer (I recommend ethereal) on IAS & capture UDP:1645 &
> UDP:1812
> http://www.ethereal.com/
>
> Don't hesitate to post the capture file.
>
> /T

Thanks for the links,

Here is my capture file in etherreal format.
It make a loop with "RADIUS ACCESS REQUEST" (from the NAS), and "RADIUS
ACCESS CHALENGE" (from IAS).
I don't know what to deduce from that...

Regards,

Laurent

[ Post a follow-up to this message ]

"Laurent H." <laurent.news@kally.net> a écrit dans le message de news:
4254fa86$1$12196$626a14ce@news.free.fr...
> Here is my capture file in etherreal format.

Sorry :

File is at http://www.kally.net/capt.cap

[ Post a follow-up to this message ]

You could also get a capture on the XP machine
look for ether proto 0x888e (EAP)


"Laurent H." <laurent.news@kally.net> wrote in message
news:4254fb6d$0$12189$626a14ce@news.free.fr...
>
> "Laurent H." <laurent.news@kally.net> a écrit dans le message de news:
> 4254fa86$1$12196$626a14ce@news.free.fr... 
>
> Sorry :
>
> File is at http://www.kally.net/capt.cap
>
>

[ Post a follow-up to this message ]