WPA2 Enterprise - Validating Identity

Solution 1:

Heh heh... I set up exactly what you're describing with that very AP earlier this week for a Customer.

  • RADIUS Standard works fine for that AP.
  • To rule out the certificate validation, uncheck the "Validate Server Certificate" setting in the PEAP properties on the client at least temporarily.
  • Be sure that IAS is starting and running. I've seen problems with IAS and the need to set "ReservedPorts" since the Kaminsky DNS update. See http://support.microsoft.com/kb/956189 for details.
  • Are you seeing the authentication requests coming in from the AP in the server's event log? If not, throw "Network Monitor" on the server (or Wireshark if you're so inclined) and sniff the traffic between the server and the AP.

On a couple of occasions I've seen that particular AP (don't know what firmware) suddenly stop attempting to authenticate clients (it never sends any RADIUS requests) and power-cycling the AP "fixes" the issue. I suspect a firmware upgrade probably fixes that behaviour.
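
Added example (not part of the original answer): once the AP-to-server traffic suggested above has been captured, a decoder like this one confirms that the AP is sending Access-Requests carrying EAP, and whether the AP and the RADIUS server agree on the shared secret, by recomputing the Message-Authenticator defined in RFC 3579. The function names, the sample packet and the secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, NAS_IP, EAP_MESSAGE, MESSAGE_AUTH = 1, 4, 79, 80  # RFC 2865 / RFC 3579 types

def parse_radius(payload):
    """Decode one RADIUS UDP payload: 20-byte header, then type/length/value attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("length field does not match the payload")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or payload[pos + 1] < 2 or pos + payload[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        alen = payload[pos + 1]
        attrs.append((payload[pos], pos + 2, payload[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "raw": payload[:length], "attrs": attrs}

def check_request(payload, secret):
    """Summarise a packet; for an Access-Request, verify Message-Authenticator (RFC 3579)."""
    pkt = parse_radius(payload)
    first = {a: v for a, _, v in reversed(pkt["attrs"])}  # first occurrence wins
    user, nas = first.get(USER_NAME), first.get(NAS_IP)
    result = {
        "code": CODES.get(pkt["code"], str(pkt["code"])),
        "user": user.decode("utf-8", "replace") if user else None,
        "nas_ip": ".".join(map(str, nas)) if nas and len(nas) == 4 else None,
        "has_eap": EAP_MESSAGE in first,
        "secret_ok": None,  # stays None when there is nothing to verify
    }
    for atype, off, value in pkt["attrs"]:
        if pkt["code"] == 1 and atype == MESSAGE_AUTH and len(value) == 16:
            # The HMAC-MD5 is computed over the packet with this field zeroed.
            zeroed = pkt["raw"][:off] + bytes(16) + pkt["raw"][off + 16:]
            mac = hmac.new(secret, zeroed, hashlib.md5).digest()
            result["secret_ok"] = hmac.compare_digest(mac, value)
    return result

def build_sample(secret):  # constructed Access-Request for the demo, not a real capture
    eap = b"\x02\x01\x00\x0a\x01alice"  # EAP Response/Identity
    attrs = b"\x01\x07alice" + b"\x04\x06\xc0\x00\x02\x0a" + b"\x4f\x0c" + eap + b"\x50\x12" + bytes(16)
    pkt = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(range(16)) + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

if __name__ == "__main__":
    print(check_request(build_sample(b"constructed-secret"), b"constructed-secret"))
```

A `secret_ok` of `False` on requests that do reach the server points at a shared-secret mismatch between the AP and the RADIUS client entry; no Access-Request packets at all points back at the AP.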

Solution 2:

I'd start by reviewing the event logs on your IAS server for reasoning as to why it's not authenticating your client. I've found the logs to be quite helpful in determining where along the bases your authentication is getting hung up (client -> AP -> IAS).