RADIUS connection to wireless AP does not work

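  • Question

  • Hi everyone,
    The architecture I am currently using is as follows:
    ADSR
    1AD=Server 2003 Standard SP1
    2AD+CA Server =Server 2003 Standard (not R2, and not updated)
    3AD=Server 2003 Standard SP2
    -----------------------------------------
    Radius Server
    Radius=Server 2008 R2 Enterprise 
    I installed the NAP and CA roles and configured them following the URL below. After finishing the configuration, connecting with my phone produced an access-denied log.
    http://techblog.mirabito.net.au/?p=87
    Is this related to the version, or is there a problem with my own configuration?
    PS: The log content is below. When logging in I entered my AD account, but the log shows my phone's MAC address instead.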
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          8/21/2012 1:18:37 PM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      PERFORMANCE_MON.xxx.xxx
    Description:
    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
    Security ID:  NULL SID
    Account Name:  78d6f0XXXXXX
    Account Domain:
    XXXX
    Fully Qualified Account Name:
    XXXX\78d6f0XXXX

    Client Machine:
    Security ID:  NULL SID
    Account Name:  -
    Fully Qualified Account Name:
    -
    OS-Version:  -
    Called Station Identifier:
    10-8c-cf-xx-xx-xx:wifiuser
    Calling Station Identifier:
    78-d6-f0-xx-xx-xx

    NAS:
    NAS IPv4 Address:
    10.1.1.1
    NAS IPv6 Address:
    -
    NAS Identifier:
    Cisco_df:0c:64
    NAS Port-Type:
    Wireless - IEEE 802.11
    NAS Port:  1

    RADIUS Client:
    Client Friendly Name:
    HMECOM-AP
    Client IP Address:
    10.1.1.1

    Authentication Details:
    Connection Request Policy Name:
    HMECOM-AP
    Network Policy Name:
    -
    Authentication Provider:
    Windows
    Authentication Server:
    PERFORMANCE_MON.XXX.XXX
    Authentication Type:
    PAP
    EAP Type:  -
    Account Session Identifier:
    -
    Logging Results:
    Accounting information was written to the local log file.
    Reason Code:  16
    Reason:  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>6273</EventID>
        <Version>1</Version>
        <Level>0</Level>
        <Task>12552</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2012-08-21T05:18:37.355080300Z" />
        <EventRecordID>3511</EventRecordID>
        <Correlation />
        <Execution ProcessID="460" ThreadID="2280" />
        <Channel>Security</Channel>
        <Computer>PERFORMANCE_MON.xxxx.xxxx</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-0-0</Data>
        <Data Name="SubjectUserName">78d6f0xxxxxx</Data>
        <Data Name="SubjectDomainName">xxxx</Data>
        <Data Name="FullyQualifiedSubjectUserName">xxxx\78d6f0xxxxxx</Data>
        <Data Name="SubjectMachineSID">S-1-0-0</Data>
        <Data Name="SubjectMachineName">-</Data>
        <Data Name="FullyQualifiedSubjectMachineName">-</Data>
        <Data Name="MachineInventory">-</Data>
        <Data Name="CalledStationID">10-8c-cf-xx-xx-xx:wifiuser</Data>
        <Data Name="CallingStationID">78-d6-f0-xx-xx-xx</Data>
        <Data Name="NASIPv4Address">10.1.1.1</Data>
        <Data Name="NASIPv6Address">-</Data>
        <Data Name="NASIdentifier">Cisco_df:0c:64</Data>
        <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
        <Data Name="NASPort">1</Data>
        <Data Name="ClientName">HMECOM-AP</Data>
        <Data Name="ClientIPAddress">10.1.1.1</Data>
        <Data Name="ProxyPolicyName">HMECOM-AP</Data>
        <Data Name="NetworkPolicyName">-</Data>
        <Data Name="AuthenticationProvider">Windows</Data>
        <Data Name="AuthenticationServer">PERFORMANCE_MON.xxx.xxx</Data>
        <Data Name="AuthenticationType">PAP</Data>
        <Data Name="EAPType">-</Data>
        <Data Name="AccountSessionIdentifier">-</Data>
        <Data Name="ReasonCode">16</Data>
        <Data Name="Reason">Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.</Data>
        <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
      </EventData>
    </Event>


    August 22, 2012, 10:17 AM

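Answer

  • Hi everyone,

    I searched online myself and found the cause.

    Although nobody answered, thank you all for taking the time to look.

    What I can confirm is:

    1. The certificate was only issued once I used Server 2003 Enterprise as the CA.

    2. The IIS service also needs to be installed.

    3. I have not yet tested the 2008 R2 version; I will add more if I have any relevant information.

    -------------------------------------

    I hope the above helps others. Thanks.

    • Marked as answer by Bolin Huang, August 31, 2012, 4:17 PM
    August 31, 2012, 4:17 PM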
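
The 6273 event in the question can be triaged field by field; the following is an added example, not part of the original thread. It parses the Event XML and reports whether the logged account name is just the Calling Station Identifier, which authentication type was used, and whether any network policy matched. The function name `triage_6273` and the sample event values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample in the shape of the Event XML above; values are made up.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>6273</EventID></System>
  <EventData>
    <Data Name="SubjectUserName">78d6f0aabbcc</Data>
    <Data Name="CallingStationID">78-d6-f0-aa-bb-cc</Data>
    <Data Name="NetworkPolicyName">-</Data>
    <Data Name="AuthenticationType">PAP</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="ReasonCode">16</Data>
  </EventData>
</Event>"""


def _normalize(value):
    """Lower-case and drop separators so 78-D6-F0-.. compares equal to 78d6f0.."""
    return re.sub(r"[^0-9a-z]", "", value.lower())


def triage_6273(event_xml):
    """Summarise the fields of an NPS 6273 event that explain a denied request."""
    root = ET.fromstring(event_xml)
    event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    if event_id.strip() != "6273":
        raise ValueError("not an NPS access-denied event: %r" % event_id)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    user = _normalize(data.get("SubjectUserName", ""))
    station = _normalize(data.get("CallingStationID", ""))
    reason = data.get("ReasonCode", "")
    return {
        # True when the RADIUS User-Name is the client's MAC, not an AD account.
        "user_name_is_client_mac": len(user) == 12 and user == station,
        "auth_type": data.get("AuthenticationType", "-"),
        "eap_used": data.get("EAPType", "-") not in ("", "-"),
        "network_policy_matched": data.get("NetworkPolicyName", "-") not in ("", "-"),
        "reason_code": int(reason) if reason.isdigit() else None,
    }


if __name__ == "__main__":
    for field, value in triage_6273(SAMPLE_EVENT).items():
        print("%-26s %s" % (field, value))
```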