08.19.2008 at 09:21PM PDT, ID: 23661983
Problems RADIUS setup w/ Cisco WAP 1242AG can't find valid certificate

Asked by andlemir in Wireless Application Protocol (WAP), Secure Socket Layer (SSL) & HTTPS, Network Operations

I'm attempting to set up a RADIUS server via Server 2003 Standard and have it work properly with a Cisco 1242AG WAP but am having problems. I've created my own test environment with the following:

Server 2003 Standard SP2
AD installed and setup
DNS
DHCP
Router IP address 10.1.10.1
Server IP address 10.1.10.2
WAP IP address 10.1.10.3
Test Workstation Windows XP Pro set up on the domain
Trusted Root SSL Certificate Created (using IIS resource kit)
IAS installed
WiFi Policy created
Cisco 1242AG WAP quick setup to Radius server

I have basically followed the guides found out on the net from TechRepublic:
http://articles.techrepublic.com.com/5100-10878_11-6148579.html
http://articles.techrepublic.com.com/5100-10878_11-6148560.html?tag=rbxccnbtr1
http://articles.techrepublic.com.com/5100-10878_11-6148572.html?tag=rbxccnbtr1

This has given me basic instructions on installing and setting up a RADIUS server, creating a policy for it, and creating an SSL certificate and deploying it out. On the workstation I have logged it onto the domain, and verified that the SSL certificate I created is in the trusted root folder of both the server and the workstation.

The Cisco WAP has been set to basically authenticate all requests for WiFi access to the RADIUS server (please keep in mind that I'm broadcasting the SSID right now for testing purposes only). CLI shown below.

All seems to work well until it attempts to "validate identity"; then I receive the message "Windows was unable to find a certificate to log you on to the network".

What am I missing here?  Should the workstation not be using the SSL cert created to authenticate from the workstation to the server?

All help appreciated!
Current configuration : 2442 bytes                                  
! 
version 12.4            
no service pad              
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
service password-encryption                           
! 
hostname ap           
! 
enable secret 5 $1$8kXt$cYP4lGf7B0JgDtkfjspN/1                                              
! 
aaa new-model             
! 
! 
aaa group server radius rad_eap                               
 server 10.1.10.2 auth-port 1645 acct-port 1646                                               
! 
aaa group server radius rad_mac                               
! 
aaa group server radius rad_acct                                
! 
 --More--         
*Mar  1 00:50:16.560: %DOT11-7-AUTH_FAILED: Station 00                                                    
aaa group server radius rad_admin                                 
! 
aaa group server tacacs+ tac_admin                                  
! 
aaa group server radius rad_pmip                                
! 
aaa group server radius dummy                             
! 
aaa authentication login eap_methods group rad_eap                                                  
aaa authentication login mac_methods local                                          
aaa authorization exec default local                                    
aaa accounting network acct_methods start-stop group rad_acct                                                             
! 
aaa session-id common                     
! 
! 
! 
dot11 ssid Testing WAP                      
   authentication open eap eap_methods                                      
   authentication network-eap eap_methods                                         
   authentication key-management wpa                                    
   guest-mode             
! 
power inline negotiation prestandard source                                           
! 
! 
username Cisco password 7 123A0C041104                                      
! 
bridge irb          
! 
! 
interface Dot11Radio0                     
 no ip address              
 no ip route-cache                  
 !  
 encryption mode ciphers tkip                             
 !  
 ssid Testing WAP                 
 !  
 antenna gain 4               
 station-role root                  
 bridge-group 1               
 bridge-group 1 subscriber-loop-control                                       
 bridge-group 1 block-unknown-source                                    
 no bridge-group 1 source-learning                                  
 no bridge-group 1 unicast-flooding                                   
 bridge-group 1 spanning-disabled                                 
! 
interface Dot11Radio1                     
 no ip address              
 no ip route-cache                  
 shutdown         
 !  
 encryption mode ciphers tkip                             
 dfs band 3 block                 
 channel dfs            
 station-role root                  
 bridge-group 1               
 bridge-group 1 subscriber-loop-control                                       
 bridge-group 1 block-unknown-source                                    
 no bridge-group 1 source-learning                                  
 no bridge-group 1 unicast-flooding                                   
 bridge-group 1 spanning-disabled                                 
! 
interface FastEthernet0                       
 no ip address              
 no ip route-cache                  
 duplex auto            
 speed auto           
 bridge-group 1               
 no bridge-group 1 source-learning                                  
 bridge-group 1 spanning-disabled                                 
! 
interface BVI1              
 ip address 10.1.10.3 255.255.255.0                                   
 no ip route-cache                  
! 
! 
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
 
ip radius source-interface BVI1
radius-server local
  nas 10.1.10.2 key 7 046B0A1404245E6D081D0C1B1E0A0F55
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.1.10.2 auth-port 1645 acct-port 1646 key 7 003412140F5E19250E25454205180646
radius-server vsa send accounting
bridge 1 route ip
!
!
 --More--
*Mar  1 00:50:48.521: %DOT11-7-AUTH_FAILED: Station 0012.177d.4ed7 Authenticatio
!
line con 0
line vty 0 4
!
end
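
The access point side of the setup described in the question can be checked mechanically. The following is an added example, not part of the original post: it parses the same IOS statements that appear in the posted configuration and traces each SSID's EAP method list to a server group and a keyed radius-server host line. The function name trace_eap_chain and the embedded sample are constructed for illustration, and the shared key is replaced by a placeholder.

```python
import re

# Constructed excerpt mirroring the posted configuration; the shared key is a placeholder.
SAMPLE = """\
aaa group server radius rad_eap
 server 10.1.10.2 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
dot11 ssid Testing WAP
   authentication open eap eap_methods
   authentication network-eap eap_methods
radius-server host 10.1.10.2 auth-port 1645 acct-port 1646 key 7 PLACEHOLDER
"""

def trace_eap_chain(config):
    """Follow SSID -> method list -> server group -> keyed RADIUS host; return (chain, problems)."""
    groups, lists, ssids, keyed = {}, {}, {}, set()
    block = None  # container (list for a server group, set for an SSID) that indented lines fill
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comment separators
        if not raw[0].isspace():
            block = None  # a top-level statement closes the previous block
        if m := re.match(r"aaa group server radius (\S+)", line):
            block = groups.setdefault(m[1], [])
        elif m := re.match(r"dot11 ssid (.+)", line):
            block = ssids.setdefault(m[1], set())
        elif m := re.match(r"aaa authentication login (\S+) group (\S+)", line):
            lists[m[1]] = m[2]
        elif m := re.match(r"radius-server host (\S+) auth-port (\d+).*\bkey\b", line):
            keyed.add((m[1], m[2]))
        elif isinstance(block, list) and (m := re.match(r"server (\S+) auth-port (\d+)", line)):
            block.append((m[1], m[2]))
        elif isinstance(block, set) and (m := re.match(r"authentication (?:open eap|network-eap) (\S+)", line)):
            block.add(m[1])
    chain, problems = [], []
    for ssid, names in ssids.items():
        for name in sorted(names):
            group = lists.get(name)  # None when the list is local-only or undefined
            servers = groups.get(group, [])
            if not servers:
                problems.append(f"{ssid}: list {name} reaches no RADIUS server")
            for srv in servers:
                chain.append((ssid, name, group, srv[0], srv[1]))
                if srv not in keyed:
                    problems.append(f"{ssid}: {srv[0]}:{srv[1]} has no keyed radius-server host line")
    return chain, problems
```

On the statements shown in the posted configuration, the chain resolves to 10.1.10.2 on auth-port 1645 with a key present.
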
About this solution

Zones: Wireless Application Protocol (WAP), Secure Socket Layer (SSL) & HTTPS, Network Operations
Tags: Microsoft, Server, 2003 Standard, RADIUS server, Cisco, Airnet Wap, 1242AG, Windows was unable to find a certificate to log you on to the network
Solution Provided By: andlemir
Participating Experts: 1
Solution Grade: A
 
 
 