Radius - certificado

15/03/2006 - 15:26 por antonio | Informe spam
Estoy tratando de levantar un servidor radius tengo creados los
certificados; los equipos y los usuarios clientes tienen los
certificados registrados.
pero lal momento de tratar de conectarme a la red no me conecta a la
red

y El servidor me registra

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 09-03-2006
Time: 16:34:54
User: N/A
Computer: SERVER2003
Description:
User usuario@server2 was denied access.
Fully-Qualified-User-Name = server2/Users/usuario
NAS-IP-Address = 192.1.3.6
NAS-Identifier = D-Link Access Point
Called-Station-Identifier = 00-11-95-E6-62-C3:serena
Calling-Station-Identifier = 00-0F-3D-B9-79-8F
Client-Friendly-Name = SERENARADIUS
Client-IP-Address = 192.1.3.6
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless access to intranet
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 262
Reason = The supplied message is incomplete. The signature was not
verified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 03 09 80 ...?


uso un AP dwl-2100 y windows 2003 server R2

Agradeceria su ayuda
 

Leer las respuestas

#1 Alejandro Penado Ramos
20/03/2006 - 11:18 | Informe spam
Hola:

El problema puede venir porque el IAS normalmente requiere un Enterprise CA
para poder realizar NT auth. correctamente, en el IAS server, prueba lo
siguiente:

1. Exporta el certificate del CA (el trusted root certificate) a un fichero
.cer
2. Desde una linea de comandos, ejecuta:
"certutil -dspublish -f <filename> NTAuthCA"
Una vez hayas hecho esto, reinicia el server IAS.
Prueba luego a conectarte con un cliente.

Para mas informacion, revisate estos articulos:

Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
http://support.microsoft.com/?id4394

Guidelines for enabling smart card logon with third-party certification
authorities
http://support.microsoft.com/?id(1245

How to import third-party certification authority (CA) certificates into the
Enterprise NTAuth store
http://support.microsoft.com/?id)5663

Saludos

Note that you must be an enterprise admin, a domain admin in the root
domain, or
modify the default permissions on the cn=authcertificates
"antonio" wrote in message
news:
Estoy tratando de levantar un servidor radius tengo creados los
certificados; los equipos y los usuarios clientes tienen los
certificados registrados.
pero lal momento de tratar de conectarme a la red no me conecta a la
red

y El servidor me registra

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 09-03-2006
Time: 16:34:54
User: N/A
Computer: SERVER2003
Description:
User was denied access.
Fully-Qualified-User-Name = server2/Users/usuario
NAS-IP-Address = 192.1.3.6
NAS-Identifier = D-Link Access Point
Called-Station-Identifier = 00-11-95-E6-62-C3:serena
Calling-Station-Identifier = 00-0F-3D-B9-79-8F
Client-Friendly-Name = SERENARADIUS
Client-IP-Address = 192.1.3.6
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless access to intranet
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 262
Reason = The supplied message is incomplete. The signature was not
verified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 03 09 80 ...?


uso un AP dwl-2100 y windows 2003 server R2

Agradeceria su ayuda

Preguntas similares