locked
Cisco Wireless and Server 2008 NPS RRS feed

  • Question

  • We are using WLC4402 for our Aironet 1240AG access points.  The clients are connecting to the access points and are authenticating to the RADIUS server.  I am seeing the logs in Server 2008 but they are being rejected due to Network Policy on the NPS server.

     

    In order for the clients (authenticated via Active Directory user) I have to set the Authentication in the NPS Connection Request Policy to "Allow clients to connect without negotiating an authentication method". 

     

    I do not have a certificate on the server and my method options are MS-CHAP-v2, MS-CHAP, CHAP, PAP, SPAP, and allow without negotiating.  This RADIUS server was moved from Server 2003 IAS to Server 2008 NPS and there were no issues in Server 2003 IAS.  I have all authentication methods allowed and it still gives me the error below.  Only when I check "Allow clients to connect without negotiating an authentication method" it allows the authentication to proceed. 

     

    Any insight is greatly appreciated.  Thank you!

     

    Client Machine:

        Security ID:            NULL SID

        Account Name:            -

        Fully Qualified Account Name:    -

        OS-Version:            -

        Called Station Identifier:        00-17-a2-87-54-00:SSIDNAME

        Calling Station Identifier:        00-41-96-b6-e3-27

     

    NAS:

        NAS IPv4 Address:        192.168.90.24

        NAS IPv6 Address:        -

        NAS Identifier:            WLCHOSTNAME

        NAS Port-Type:            Wireless - IEEE 802.11

        NAS Port:            1

     

    RADIUS Client:

        Client Friendly Name:        AP Controller 2

        Client IP Address:            192.168.90.24

     

    Authentication Details:

        Connection Request Policy Name:    Use Windows authentication for all users

        Network Policy Name:        Wireless MAC Authentication Policy

        Authentication Provider:        Windows

        Authentication Server:        RADIUSSERVERHOSTNAME

        Authentication Type:        Unauthenticated

        EAP Type:            -

        Account Session Identifier:        -

        Logging Results:            Accounting information was written to the local log file.

        Reason Code:            66

        Reason:                The user attempted to use an authentication method that is not enabled on the matching network policy.

    Friday, May 11, 2012 2:32 PM

Answers

All replies

  • Hi,

    The problem might be in network policy (named Wireless MAC Authentication Policy), not connection request policy.

    How do you have this policy configured?

    Have you tried running the wizard in NPS to create wireless policies? See http://technet.microsoft.com/en-us/library/ff919513(WS.10).aspx.

    -Greg

    Saturday, May 12, 2012 6:02 PM
  • I have not but I will give it a try.  As of right now it seems to be working but I have to leave the "Allow clients to connect without negotiating an authentication method" checked.

    Thank you for the reply!

    Tuesday, May 29, 2012 1:39 PM