Announcement

Collapse
No announcement yet.

Radius WiFi Authentication not working for specific users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Radius WiFi Authentication not working for specific users

    I'm having difficulty with RADIUS authentication. Some users are unable to connect to WiFi. I've tried several devices (Mac OS X, Mobile phone, Windows XP, Windows 7) however the what I found is that it depends upon which user who is logging in, not the device.

    The RADIUS policy is set to allow "Domain Users" to connect to WiFi (ie. everyone on the domain)

    I've enabled RADIUS logging and here is the failed attempt I get:
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
    Security ID: CONTOSO\Paul
    Account Name: Paul
    Account Domain: CONTOSO
    Fully Qualified Account Name: CONTOSO.local/MyBusiness/User Names/Paul Hosie

    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 00-90-7F-83-8F-EA:Contoso
    Calling Station Identifier: 7C-6D-62-71-C6-28

    NAS:
    NAS IPv4 Address: -
    NAS IPv6 Address: -
    NAS Identifier: -
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 2

    RADIUS Client:
    Client Friendly Name: Watchguard
    Client IP Address: 192.168.1.254

    Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name: SSL_VPN
    Authentication Provider: Windows
    Authentication Server: NT-EXCHANGE01.contoso.local
    Authentication Type: EAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network
    On the other hand, other people are able to connect:
    Network Policy Server granted full access to a user because the host met the defined health policy.

    User:
    Security ID: CONTOSO\Seiko
    Account Name: seiko
    Account Domain: CONTOSO
    Fully Qualified Account Name: CONTOSO\seiko

    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 00-90-7F-83-8F-EA:Contoso
    Calling Station Identifier: 7C-6D-62-71-C6-28

    NAS:
    NAS IPv4 Address: -
    NAS IPv6 Address: -
    NAS Identifier: -
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 2

    RADIUS Client:
    Client Friendly Name: Watchguard
    Client IP Address: 192.168.1.254

    Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name: Wireless
    Authentication Provider: Windows
    Authentication Server: NT-EXCHANGE01.contoso.local
    Authentication Type: PEAP
    EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
    Account Session Identifier: -

    Quarantine Information:
    Result: Full Access
    Extended-Result: -
    Session Identifier: -
    Help URL: -
    System Health Validator Result(s): -
    Any ideas what is happening?

  • #2
    Re: Radius WiFi Authentication not working for specific users

    Definite config issue, the first user is being denied access to SSL_VPN according to the applied policy, and not wireless.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment

    Working...
    X