I've got a weird issue. I've set up an 802.1x wireless network which points to a Windows IAS radius server for the authentication.
The radius client/authenticator is an Aruba WLAN controller.
The supplicants are standard Win 7 machines.
When we set up the wireless profile with the proper settings and "use the Windows logon" enabled, the authentication fails.
When we uncheck the "use windows logon" checkbox, we get presented with the systray popup to enter user, passwd and domain. When we enter the Windows logon details there, authentication works.
An obvious difference between the granted and denied access in the radius logs is the Fully-Qualified-User-Name. Not sure why though. The user enters exactly the same info in the windows logon box as in the 802.1x authentication box.
Anyone got an idea why this is happening? I've been stuck on it for weeks and ready to give up on that damn checkbox.
################################################################################
ACCESS DENIED (use windows logon checked)
-------
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 29/06/2011
Time: 14:43:19
User: N/A
Computer: IAS-radius
Description:
User DOMAIN\userx was denied access.
Fully-Qualified-User-Name = DOMAIN\userx
NAS-IP-Address = 1.2.3.4
NAS-Identifier = 1.2.3.4
Called-Station-Identifier = 000B86612940
Calling-Station-Identifier = 001DE027ED77
Client-Friendly-Name = WLAN controller ip 2
Client-IP-Address = 1.2.3.4
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80 ...?
################################################################################
ACCESS GRANTED (entered logon manually)
--------
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 29/06/2011
Time: 14:44:21
User: N/A
Computer: IAS-radius
Description:
User DOMAIN\userx was granted access.
Fully-Qualified-User-Name = DOMAIN.be/DOMAIN Users/ICT/IT-Helpdesk/First Lastname
NAS-IP-Address = 1.2.3.4
NAS-Identifier = 1.2.3.4
Client-Friendly-Name = WLAN controller ip 2
Client-IP-Address = 1.2.3.4
Calling-Station-Identifier = 001DE027ED77
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless DOMAIN-Data
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
################################################################################
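To compare the two events attribute by attribute instead of by eye, here is an added example that is not part of the original post. It parses the `Name = value` lines of an IAS event description and reports every attribute that differs or is present on only one side; the sample text is abridged from the two events quoted above, and the function names are hypothetical.

```python
import re

# Attribute lines abridged from the two IAS events quoted in the post above.
DENIED = """\
User DOMAIN\\userx was denied access.
Fully-Qualified-User-Name = DOMAIN\\userx
Called-Station-Identifier = 000B86612940
Calling-Station-Identifier = 001DE027ED77
Policy-Name = <undetermined>
Authentication-Type = MS-CHAPv2
Reason-Code = 16
"""
GRANTED = """\
User DOMAIN\\userx was granted access.
Fully-Qualified-User-Name = DOMAIN.be/DOMAIN Users/ICT/IT-Helpdesk/First Lastname
Calling-Station-Identifier = 001DE027ED77
Policy-Name = Wireless DOMAIN-Data
Authentication-Type = MS-CHAPv2
"""

# One attribute per line: a hyphenated name, " = ", then the value.
ATTR = re.compile(r"^\s*([A-Za-z][A-Za-z-]*)\s=\s(.*?)\s*$")

def parse_ias_description(text):
    """Return {attribute: value} for every 'Name = value' line of an IAS event."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def diff_events(a, b):
    """Return {attribute: (value_in_a, value_in_b)} for attributes that differ.
    An attribute missing from one event is reported as None on that side."""
    pa, pb = parse_ias_description(a), parse_ias_description(b)
    return {k: (pa.get(k), pb.get(k))
            for k in sorted(pa.keys() | pb.keys())
            if pa.get(k) != pb.get(k)}

if __name__ == "__main__":
    for name, (denied, granted) in diff_events(DENIED, GRANTED).items():
        print(f"{name}\n  denied : {denied}\n  granted: {granted}")
```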