DescriptionClients fail to authenticate by the Radius server while using the windows log on name.
ScopeKB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: Controller
RELATED SOFTWARE VERSIONS: N/A
KEYWORDS: Controller, SSID, radius server
SolutionThe
Radius server used in the Network was IAS server and the clients that
failed to connect were a Windows client that is configured to connect
using the windows log on name. STEPS TAKEN FOR TROUBLESHOOTING:
| STEP 1 : | Verified
the security profile configuration and the ESS profile configuration.
The security type is selected as WPA-TKIP and the Radius profile is
mapped to the security profile. The ESS profile created is mapped to the
respective security profile. |
| STEP 2 : | Verified
the Radius configuration. The Radius profile is created and the Remote
access policy was set with the correct attribute with the Windows group
selected where the users are mapped. The EAP Method selected as
MS-CHAPv1 and MS-CHAPv2. The EAP type was selected as Protected EAP. The
type used to authenticate is EAP-TTLS and verified if the correct
certificate is mapped to the correct EAP type. |
| STEP 3: | Both the controller and the Radius server configurations were performed correctly. |
| STEP 4 : | Tried
testing the client again, as the configurations were done correctly.
The client failed to authenticate successfully. It was not talking the
windows log on name instead it was prompting for the user credentials. |
| STEP 5: | Verified
if the client using the Windows supplicant configuration was done
correctly. Found that the client was not configured correctly. Verified
the SSID added in the preferred Networks by going to the wireless
properties of the adapter. The security type and the Network
authentication Methods were selected correctly. The checkbox stating
"Validate server certificate" was unchecked and the authentication
method was configured to use the users created in the ADS as the option
"Automatically use the Windows Log on name and password (and domain if
any)" was unchecked. |
| STEP 6: | Configured
the authentication method to use the windows log on credentials by
selecting the option "Automatically use the Windows Log on name and
password (and domain if any)". |
| STEP 7: | Tested the client connectivity - the client got connected successfully and was associated to the network. |
| RESOLUTION : | Configuring the SSID and the authentication parameters correctly in the client fixed the issue. |
| ROOT CAUSE: | The
controller and the Radius server were configured correctly. The client
failed to authenticate as the authentication parameters were not set
correctly |
