WPA2 Enterprise - Validating Identity
Solution 1:
Heh heh... I setup exactly what you're describing with that very AP earlier this week for a Customer.
- RADIUS Standard works fine for that AP.
- To rule out the certificate validation, uncheck the "Validate Server Certificate" setting in the PEAP properties on the client at least temporarily.
- Be sure that IAS is starting and running. I've seen problems with IAS and the need to set "ReservedPorts" since the Kaminsky DNS update. See http://support.microsoft.com/kb/956189 for details.
- Are you seeing the authentication requests coming in from the AP in the server's event log? If not, throw "Network Monitor" on the server (or Wireshark if you're so inclined) and sniff the traffic between the server and the AP.
On a couple of occasions I've seen that particular AP (don't know what firmware) suddenly stop attempting to authnenticate clients (it never sends any RADIUS requests) and power-cycling the AP "fixes" the issue. I suspect a firmware upgrade probably fixes that behaviour.
Solution 2:
I'd start by reviewing the event logs on your IAS server for reasoning as to why it's not authenticating your client. I've found the logs to be quite helpful in determining where along the the bases your authentication is getting hung up (client -> AP -> IAS).