Question : Wireless Certificated RAIDUS authentication problems

Hi all,

I'm having a problem getting our new wifi set up and running as desired, so hope someone has come across this before and can point out where I'm going wrong.  I'm fairly new to RADIUS but am pretty sure it's installed and setup correctly.

The end result should be that Domain configured computers (with certificate from our CA) will be able to log onto the WIFI if logged into by a domain user.  Everything else trying to connect will be blocked.

Our setup is as follows:
Windows VIsta/XP clients (using Vista as my test machine)
Netgear WFS709TP wireless management switch.
Windows Server 2008 Std with NPS installed.
Client/Server cert installed on both the Vista and the 2008 boxs

NPS is configured to talk to the Netgear as a valid Authenticator/Client, and is registered in AD.
It currently has 1 connection request policy of
NAS Port Type: Wireless - Other OR Wireless IEEE 802.11
and a single Network Policy of
NAS Port Type: Wireless - Other OR  Wireless IEE 802.11
Machine Groups: <domain>\Domain Computers
User Groups: <domain>\Domain Users OR <domain>\Domain Admins

Authentication method is PEAP with the server's certificate issued from the CA selected, and EAP-CHAPv2
Fast Reconnect is currently disabled for testing purposes.

The Netgear is configured with a visible SSID, WPA2-AES to authenticate against the RADIUS server. Which is configured for the NPS box.

The clients have matching wilreless settings, with Validate Server Certificate selected in the PEAP properties, and our root CA selected in the list.  Again fast reconnect, and also cache settings are disabled for testing purposes.

When trying to connect to the wireless it fails.
On the Network Policy and Access Services event log nothing is displayed
On the client's security log it shows:

A request was made to authenticate to a wireless network.

Subject:
      Security ID:            <domain>\jjennings
      Account Name:            jjennings
      Account Domain:            <domain>
      Logon ID:            0x78782

Network Information:
      Name (SSID):            WirelessTest
      Interface GUID:            {4bb28eb9-c2dd-42b0-8dab-f1fd995997cb}
      Local MAC Address:      00:22:FA:3F:25:F2
      Peer MAC Address:      00:24:B2:46:FA:C0

Additional Information:
      Reason Code:            Explicit Eap failure received (0x50005)
      Error Code:            0x40420110


Which has been quite hard to try and track down what that error means in relation to my setup.

Another thought to mention is that the machine certificates are already being used for VPN access (but not against a radius server) so look to be working and recognised ok on the network.

Any thoughts or suggestions on what I may be doing wrong would be great, and if you need any more info then let me know too.

Thanks in advance!

James

Answer : Wireless Certificated RAIDUS authentication problems

In case of a DLL reference, the .LIB is just an import library which contains information the linker needs to resolve external references to exported DLL functions, so the system can locate the specified DLL and exported DLL functions at run time (see also http://msdn.microsoft.com/en-us/library/ms682592%28VS.85%29.aspx - "Dynamic-Link Library Creation" - and the pages linked from there). In case of a static library you are right, the .LIB file contains all the code that is needed to resolve the used functions and the code is placed into your executyble by the linker directly, see http://msdn.microsoft.com/en-us/library/ms235627%28VS.80%29.aspx ("Walkthrough: Creating and Using a Static Library").

You can check the contents of a .LIB file by using either lib.exe or dumpbin.exe on the command line, an import library should not contain any actual code.

Random Solutions  
 
programming4us programming4us