Wireless PEAP-MSCHAP-V2 Computer Authentication




I'm having problem with computer authentication on a wireless network I'm
setting up. Authentication is done through PEAP-MSCHAP-V2. It works fine when
a user logs in to the station, but there is an option to allow computer to
log in to the network, even if there is nobody logged in. Clients are Windows
XP SP3 and doc says that with PEAP-MSCHAP-V2, this should work automatically,
meaning that the computer shoud send its credentials automatically.

When I trace trafic going to the radius (NPS) server, I see that there is an
Access-Request from Wireless NIC of the client computer, but it is rejected.
MMC Computer Certificates shows that the CA for the radius server certificate
is defined as a Trusted Authority.

Any idea ?


Just found the problem, but there was nothing in Event Log or the NPS log.

Problem was that I tried to manage the AD computer objet with the Admin Pack
but there was no "Dial-in" tab from there, so I thought there was no option
for Dial-in and that it was "on" all the time. Just to make sure, I went to
the DC and run dsa.msc to find out that in fact, there is a "Dial-in" tab for
the computer objet. "Allow Access" for the computer and it now works...

Looks like there is a bug in the Admin Pack by the way (or I have an old
version of it, I did now verify)...


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question