PEAP Wireless Access for Mac OS X


Guest

We are using a Microsoft IAS server as our Radius authority, and are
attempting to set up PEAP authentication for our wireless network. On a PC,
the setup seems to work perfectly: the computer sees the wireless network,
attempts to authenticate, accepts our certificate and the user is prompted
for their network username and password.

On a Mac OS 10.3.7 computer, however, the computer sees the wireless network
and although we specify an 802.1x connection, the Mac does not prompt to
accept the certificate but rather immediately rejects the computer. This is
the error that shows up in the Event Log for the IAS server:

*************************************
User username was denied access.
Fully-Qualified-User-Name = GARNET\username
NAS-IP-Address = 10.10.10.10
NAS-Identifier = ap
Called-Station-Identifier = xxxx.xxxx.xxxx
Calling-Station-Identifier = xxxx.xxxx.xxxx
Client-Friendly-Name = AP PEAP Test
Client-IP-Address = 10.10.10.10
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 266
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Allow Wireless PEAP Access (Test 1)
Authentication-Type = PEAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or
incorrect password was used.
*******************************************

We are using a self-signed certificate, and the goal is to get the Mac to
prompt users to accept the certificate and then authenticate to our IAS
server. The Mac does work when we download the certificate, transfer it to
the computer, and import it into the keychain, but we are trying to avoid
forcing the user to connect to the wired network before using the wireless
network.

If anyone has any suggestions, we would love to hear about them.
 
Jim Seifert [MSFT]

Automatic certificate deployment is something that only works with Windows
clients. With those clients, group policy, and a Windows 2003 server, you can
automate certificate enrollment, but this is not supported for third-party
clients.
 
Joined
Feb 9, 2006
Messages
1
Reaction score
0
Hello,
I have exactly the same configuration as described above: Microsoft IAS as the RADIUS server and Mac OS X as the client, which does not work!
The error message from IAS is:
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

Can you help me correct this problem?

Thanks
 
Joined
Apr 28, 2009
Messages
3
Reaction score
0
Self-Signed Certs will do that...

There is a good writeup on it here:

http://www.pskl.us/wp/?p=125

Client just giving up + IAS saying bad username or password usually means that the client doesn't like the certificate.
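
The rule of thumb in the last reply, applied to the IAS event text quoted in the first post, as an added example that is not part of the thread. The function names, the triage labels and the reading of `EAP-Type = <undetermined>` as "the inner method never started" are assumptions of this example, and the sample event is constructed from the fields shown above.

```python
import re

# Constructed sample, modelled on the event text quoted in the first post.
SAMPLE_EVENT = """\
*************************************
User username was denied access.
Fully-Qualified-User-Name = GARNET\\username
NAS-Port-Type = Wireless - IEEE 802.11
Policy-Name = Allow Wireless PEAP Access (Test 1)
Authentication-Type = PEAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or
incorrect password was used.
*******************************************
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z-]*) = (.*)$")


def parse_ias_event(text):
    """Parse 'Name = value' lines; a line without ' = ' continues the previous value."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = FIELD.match(line)
        if match:
            last = match.group(1)
            fields[last] = match.group(2).strip()
        elif last and line and not set(line) <= {"*"}:
            # Wrapped value (the Reason text spans two lines in the event log).
            fields[last] += " " + line
    return fields


def triage(fields):
    """Suggest where to look first for a denied PEAP logon.

    Heuristic (assumption of this example): Reason-Code 16 with no inner
    EAP type recorded means the client stopped during the outer TLS
    handshake, so server-certificate trust on the client is checked
    before the user's credentials.
    """
    if fields.get("Reason-Code") != "16":
        return "other"
    if (fields.get("Authentication-Type") == "PEAP"
            and fields.get("EAP-Type") == "<undetermined>"):
        return "check-server-certificate-trust"
    return "check-credentials"
```
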
 
