none
Radius with WDS --> No credentials are available in the security package reason code 300

    שאלה

  • Hello,

     i have a working radius-configuration.

    Hardware:

    Server2008R2 (radius-server in MS-domain)

    1 AP-point

    Working Well!

    When making a second accespoint available through WDS and authentication with radius we have a problem.

    The 2nd accespoint will create an event in the eventlog of the server with the following details:

    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
     Security ID:   domain\user
     Account Name:   domain\user
     Account Domain:   domain
     Fully Qualified Account Name: domain\user

    Client Machine:
     Security ID:   NULL SID
     Account Name:   -
     Fully Qualified Account Name: -
     OS-Version:   -
     Called Station Identifier:  00-02-6F-9A-B3-4C
     Calling Station Identifier:  00-02-6F-9A-B3-50

    NAS:
     NAS IPv4 Address:  10.31.10.125
     NAS IPv6 Address:  -
     NAS Identifier:   -
     NAS Port-Type:   Wireless - IEEE 802.11
     NAS Port:   0

    RADIUS Client:
     Client Friendly Name:  10.31.10.125
     Client IP Address:   10.31.10.125

    Authentication Details:
     Connection Request Policy Name: Secure Wireless Connections
     Network Policy Name:  -
     Authentication Provider:  Windows
     Authentication Server:  domain.local
     Authentication Type:  PEAP
     EAP Type:   -
     Account Session Identifier:  -
     Logging Results:   Accounting information was written to the local log file.
     Reason Code:   300
     Reason:    No credentials are available in the security package

    Howto fix this issue? we have tried many work-arrounds!

    יום רביעי 06 יוני 2012 13:31

תשובות

  • Hi,

    Sorry for the delay.

    And I have limited knowledge of this production. Given this situation, I would suggest you to contact the EnGenius support for the detailed step to deploy WDS with the RADIUS server if it’s supported. Your understanding is highly appreciated.

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    יום שישי 15 יוני 2012 02:34
    מנחה דיון
  • Hi there -

    The reason code explanation in NPS documentation is "Authentication failed. The certificate is malformed and Extensible Authentication Protocl (EAP) cannot locate credential information in the certificate."

    I think the problem here is that you need to connect the second AP to the wire. The AP must be configured as a RADIUS client in NPS so that the RADIUS protocol is used between the two, but your configuration makes that impossible because the AP is attempting to log on as an access client. If you connect the AP via Ethernet it should work fine, assuming that you have configured it with the same shared secret that you used to configure the RADIUS client in NPS.

    Thanks -


    James McIllece

    יום שישי 15 יוני 2012 19:16

כל התגובות

  • somebody with a solution?
    יום חמישי 07 יוני 2012 10:32
  • Hi,

    Thanks for your post.

    You need to let us more information about your AP devices. I assume you deploy WDS AP in your environment. From the Cisco published document, the WDS AP must establish a relationship to an authentication server through authentication with a WDS user name and password. The authentication server can be either an external RADIUS server or the local RADIUS server feature in the WDS AP. Please double check whether you set the NPS server as the RADIUS server to enable authentication and accounting.

    Wireless Domain Services Configuration

    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml

    Wireless Domain Services AP as an AAA Server Configuration Example

    http://www.cisco.com/en/US/products/hw/wireless/ps458/products_configuration_example09186a008059a559.shtml

    As it is a question about the inter-operation between Windows NPS and Wireless device, please also contact the manufacturer support for further investigation. Thank you for your understanding.

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    יום שני 11 יוני 2012 04:58
    מנחה דיון
  • We are using the following accespoints : EnGenius ECB-9500

    We already use accouting and logs for troubleshooting.

    The error about this topic "No credentials are available in the security package" is coming out of the log-files.

    First Situation:

    When we disable Radius and use WPA2 WDS is working well! When we enable Radius, radius is working well also.

    Second Situation:

    But...when we try to connect the 2nd accesspoint through Accespoint1 to the radius-server this error message occurs!

    The setup is Like this  :   AP2 ----> AP1---->Radius-server

    We are using the same username/password as used on the first situation.

    Somebody who knows a solution for this?

    יום שלישי 12 יוני 2012 11:33
  • Hi,

    Sorry for the delay.

    And I have limited knowledge of this production. Given this situation, I would suggest you to contact the EnGenius support for the detailed step to deploy WDS with the RADIUS server if it’s supported. Your understanding is highly appreciated.

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    יום שישי 15 יוני 2012 02:34
    מנחה דיון
  • Hi there -

    The reason code explanation in NPS documentation is "Authentication failed. The certificate is malformed and Extensible Authentication Protocl (EAP) cannot locate credential information in the certificate."

    I think the problem here is that you need to connect the second AP to the wire. The AP must be configured as a RADIUS client in NPS so that the RADIUS protocol is used between the two, but your configuration makes that impossible because the AP is attempting to log on as an access client. If you connect the AP via Ethernet it should work fine, assuming that you have configured it with the same shared secret that you used to configure the RADIUS client in NPS.

    Thanks -


    James McIllece

    יום שישי 15 יוני 2012 19:16