Radius on 2008 R2 with eap-tls


    Hi

    I have configured EAP-TLS in Windows Server 2008. The NPS server is authenticating users successfully, but they are unable to get an IP address.

    I used a Cisco 1040 access point.

    Here is the log I get when the user is authenticated:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          5/10/2012 10:01:13 PM
    Event ID:      6276
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      NPS1.lantronix.com
    Description:
    Network Policy Server quarantined a user.

    Contact the Network Policy Server administrator for more information.

    User:
        Security ID:            LANTRONIX\USER$
        Account Name:            host/User.lantronix.com
        Account Domain:            LANTRONIX
        Fully Qualified Account Name:    LANTRONIX\USER$

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        c8f9.f9a7.6960
        Calling Station Identifier:        0014.78ed.8530

    NAS:
        NAS IPv4 Address:        10.1.0.76
        NAS IPv6 Address:        -
        NAS Identifier:            msys_cisco
        NAS Port-Type:            Wireless - IEEE 802.11
        NAS Port:            1900

    RADIUS Client:
        Client Friendly Name:        cisco_client
        Client IP Address:            10.1.0.76

    Authentication Details:
        Proxy Policy Name:        eap_tls
        Network Policy Name:        NAP 802.1X (Wireless) 4 Non NAP-Capable
        Authentication Provider:        Windows
        Authentication Server:        NPS1.lantronix.com
        Authentication Type:        EAP
        EAP Type:            Microsoft: Smart Card or other certificate
        Account Session Identifier:        -

    Quarantine Information:
        Result:                Quarantined
        Extended-Result:            -
        Session Identifier:            -
        Help URL:            -
        System Health Validator Result(s):    -

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
        <EventID>6276</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12552</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8020000000000000</Keywords>
        <TimeCreated SystemTime="2012-05-11T05:01:13.023Z" />
        <EventRecordID>25094</EventRecordID>
        <Correlation />
        <Execution ProcessID="584" ThreadID="1256" />
        <Channel>Security</Channel>
        <Computer>NPS1.lantronix.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-21-11613551-1190545814-67446-1129</Data>
        <Data Name="SubjectUserName">host/User.lantronix.com</Data>
        <Data Name="SubjectDomainName">LANTRONIX</Data>
        <Data Name="FullyQualifiedSubjectUserName">LANTRONIX\USER$</Data>
        <Data Name="SubjectMachineSID">S-1-0-0</Data>
        <Data Name="SubjectMachineName">-</Data>
        <Data Name="FullyQualifiedSubjectMachineName">-</Data>
        <Data Name="MachineInventory">-</Data>
        <Data Name="CalledStationID">c8f9.f9a7.6960</Data>
        <Data Name="CallingStationID">0014.78ed.8530</Data>
        <Data Name="NASIPv4Address">10.1.0.76</Data>
        <Data Name="NASIPv6Address">-</Data>
        <Data Name="NASIdentifier">msys_cisco</Data>
        <Data Name="NASPortType">Wireless - IEEE 802.11 </Data>
        <Data Name="NASPort">1900</Data>
        <Data Name="ClientName">cisco_client</Data>
        <Data Name="ClientIPAddress">10.1.0.76</Data>
        <Data Name="ProxyPolicyName">eap_tls</Data>
        <Data Name="NetworkPolicyName">NAP 802.1X (Wireless) 4 Non NAP-Capable</Data>
        <Data Name="AuthenticationProvider">Windows </Data>
        <Data Name="AuthenticationServer">NPS1.lantronix.com</Data>
        <Data Name="AuthenticationType">EAP</Data>
        <Data Name="EAPType">Microsoft: Smart Card or other certificate</Data>
        <Data Name="AccountSessionIdentifier">-</Data>
        <Data Name="QuarantineState">Quarantined </Data>
        <Data Name="ExtendedQuarantineState">-</Data>
        <Data Name="QuarantineSessionID">-</Data>
        <Data Name="QuarantineHelpURL">-</Data>
        <Data Name="QuarantineSystemHealthResult">-</Data>
      </EventData>
    </Event>

    And I can see a DHCP Discover from the client 0014.78ed.8530 in Wireshark.

    Can anyone help me? Where are things going wrong? I also configured a DHCP server in AD.

    Thanks

    Ramu



    • Edited by ramuraju Thursday, May 17, 2012 11:09 AM
    • Moved by Rick Tan Friday, May 18, 2012 7:53 AM (From:Security)
    Thursday, May 17, 2012 11:08 AM
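
Added example, not part of the original post: a Python parser for an exported Event XML record like the one quoted above which, for event 6276, returns the client, the connection request and network policies that matched, and the quarantine result. The sample is a trimmed copy of the post's event; the function names and summary keys are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Summary key (chosen for this example) -> EventData field name from the event.
WANTED = {"client_mac": "CallingStationID", "account": "SubjectUserName",
          "request_policy": "ProxyPolicyName",
          "network_policy": "NetworkPolicyName",
          "state": "QuarantineState",
          "health_result": "QuarantineSystemHealthResult"}

# Constructed sample: a trimmed copy of the Event XML quoted in the post.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>6276</EventID>
    <TimeCreated SystemTime="2012-05-11T05:01:13.023Z" />
  </System>
  <EventData>
    <Data Name="SubjectUserName">host/User.lantronix.com</Data>
    <Data Name="CallingStationID">0014.78ed.8530</Data>
    <Data Name="ProxyPolicyName">eap_tls</Data>
    <Data Name="NetworkPolicyName">NAP 802.1X (Wireless) 4 Non NAP-Capable</Data>
    <Data Name="QuarantineState">Quarantined </Data>
    <Data Name="QuarantineSystemHealthResult">-</Data>
  </EventData>
</Event>"""


def parse_nps_event(xml_text):
    """Return the event ID, timestamp and EventData fields of one event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    fields = {}
    for data in root.iterfind("e:EventData/e:Data", NS):
        value = (data.text or "").strip()  # some values carry a trailing space
        fields[data.get("Name")] = None if value in ("", "-") else value
    return {"event_id": int(system.findtext("e:EventID", namespaces=NS)),
            "time": system.find("e:TimeCreated", NS).get("SystemTime"),
            "fields": fields}


def quarantine_summary(event):
    """For event 6276, return the client and matched policies; else None."""
    if event["event_id"] != 6276:
        return None
    summary = {key: event["fields"].get(name) for key, name in WANTED.items()}
    summary["time"] = event["time"]
    return summary


if __name__ == "__main__":
    print(quarantine_summary(parse_nps_event(SAMPLE_EVENT)))
```
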

Answers