Re: PEAP Authentication in IAS

Discussion in 'Wireless Networking' started by Paul Bergson [MVP-DS], Feb 2, 2009.

  1. This question is based for Networking not AD.

    I have copied them in on this query.

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.


    "Caio" <> wrote in message
    news:...
    > Hello,
    > I'm having some troubles trying to configure my wired network to use
    > 802.1X
    > with Radius server.
    > Here my problem: I'm using a Procurve 2650 as Radius Client, IAS as Radius
    > Server and Windows XP as supplicant.
    >
    > If I configure CHAP authentication, selecting MD5-Challenge under
    > Authentication in the network configuration of Windows XP and CHAP
    > authentication under Authentication window of the Radius (IAS) policy, all
    > works fine and I can login correctly in my network (I can see the log into
    > the event viewer).
    >
    > But when I choose to use PEAP, selecting it from the drop down list under
    > Authentication window of network configuration (in XP), and selecting the
    > same into the radius policy, I can't correctly login, and in the event
    > viewer
    > I see this error:
    > Reason-Code = 66.
    > Reason = The user attempted to use an authentication method that is not
    > enabled on the matching remote access policy
    >
    > This is a problem because only PEAP permit to automatically submit the
    > login
    > credentials (or does somebody know how to do it with CHAP?), and because
    > with
    > Windows Vista MD5 is totally unavailable because it's considered obsolete
    > and
    > unsecure.
    >
    > Probably I'm missing some step to enable that authentication method in the
    > GPO of my domain, or something similar.
    > Does somebody has a suggestion about this problem?
    >
    > Thank you
    Paul Bergson [MVP-DS], Feb 2, 2009
    #1
    1. Advertising

  2. It seems to me the authentication methods don't match. Or check this link.

    IAS Issue CollectionsIAS related Event ID and IAS Reason Codes. Most Windows
    IAS Event ID errors are related ... IAS Event ID 2 - Reason-Code = 65 ·
    Event ID 2: Reason-Code = 66 ...
    www.chicagotech.net/troubleshooting/eventid2.htm


    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
    "Paul Bergson [MVP-DS]" <pbbergs@nopspam_msn.com> wrote in message
    news:...
    > This question is based for Networking not AD.
    >
    > I have copied them in on this query.
    >
    > --
    > Paul Bergson
    > MVP - Directory Services
    > MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    > 2008, 2003, 2000 (Early Achiever), NT4
    >
    > http://www.pbbergs.com
    >
    > Please no e-mails, any questions should be posted in the NewsGroup This
    > posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    > "Caio" <> wrote in message
    > news:...
    >> Hello,
    >> I'm having some troubles trying to configure my wired network to use
    >> 802.1X
    >> with Radius server.
    >> Here my problem: I'm using a Procurve 2650 as Radius Client, IAS as
    >> Radius
    >> Server and Windows XP as supplicant.
    >>
    >> If I configure CHAP authentication, selecting MD5-Challenge under
    >> Authentication in the network configuration of Windows XP and CHAP
    >> authentication under Authentication window of the Radius (IAS) policy,
    >> all
    >> works fine and I can login correctly in my network (I can see the log
    >> into
    >> the event viewer).
    >>
    >> But when I choose to use PEAP, selecting it from the drop down list under
    >> Authentication window of network configuration (in XP), and selecting the
    >> same into the radius policy, I can't correctly login, and in the event
    >> viewer
    >> I see this error:
    >> Reason-Code = 66.
    >> Reason = The user attempted to use an authentication method that is not
    >> enabled on the matching remote access policy
    >>
    >> This is a problem because only PEAP permit to automatically submit the
    >> login
    >> credentials (or does somebody know how to do it with CHAP?), and because
    >> with
    >> Windows Vista MD5 is totally unavailable because it's considered obsolete
    >> and
    >> unsecure.
    >>
    >> Probably I'm missing some step to enable that authentication method in
    >> the
    >> GPO of my domain, or something similar.
    >> Does somebody has a suggestion about this problem?
    >>
    >> Thank you

    >
    Robert L. \(MS-MVP\), Feb 2, 2009
    #2
    1. Advertising

  3. Check my reply in wireless.

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
    "Paul Bergson [MVP-DS]" <pbbergs@nopspam_msn.com> wrote in message
    news:...
    > This question is based for Networking not AD.
    >
    > I have copied them in on this query.
    >
    > --
    > Paul Bergson
    > MVP - Directory Services
    > MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    > 2008, 2003, 2000 (Early Achiever), NT4
    >
    > http://www.pbbergs.com
    >
    > Please no e-mails, any questions should be posted in the NewsGroup This
    > posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    > "Caio" <> wrote in message
    > news:...
    >> Hello,
    >> I'm having some troubles trying to configure my wired network to use
    >> 802.1X
    >> with Radius server.
    >> Here my problem: I'm using a Procurve 2650 as Radius Client, IAS as
    >> Radius
    >> Server and Windows XP as supplicant.
    >>
    >> If I configure CHAP authentication, selecting MD5-Challenge under
    >> Authentication in the network configuration of Windows XP and CHAP
    >> authentication under Authentication window of the Radius (IAS) policy,
    >> all
    >> works fine and I can login correctly in my network (I can see the log
    >> into
    >> the event viewer).
    >>
    >> But when I choose to use PEAP, selecting it from the drop down list under
    >> Authentication window of network configuration (in XP), and selecting the
    >> same into the radius policy, I can't correctly login, and in the event
    >> viewer
    >> I see this error:
    >> Reason-Code = 66.
    >> Reason = The user attempted to use an authentication method that is not
    >> enabled on the matching remote access policy
    >>
    >> This is a problem because only PEAP permit to automatically submit the
    >> login
    >> credentials (or does somebody know how to do it with CHAP?), and because
    >> with
    >> Windows Vista MD5 is totally unavailable because it's considered obsolete
    >> and
    >> unsecure.
    >>
    >> Probably I'm missing some step to enable that authentication method in
    >> the
    >> GPO of my domain, or something similar.
    >> Does somebody has a suggestion about this problem?
    >>
    >> Thank you

    >
    Robert L. \(MS-MVP\), Feb 2, 2009
    #3
  4. Paul Bergson [MVP-DS]

    Caio Guest

    thank you to everyone for the replies,
    I discovered that my was a Procurve problem, related to the old firmware
    version.

    Now, with the latest version, PEAP authentication works like a charm. :)
    Caio, Feb 3, 2009
    #4
  5. Thank you for the update.

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
    "Caio" <> wrote in message
    news:...
    > thank you to everyone for the replies,
    > I discovered that my was a Procurve problem, related to the old firmware
    > version.
    >
    > Now, with the latest version, PEAP authentication works like a charm. :)
    >
    Robert L. \(MS-MVP\), Feb 4, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. maTT

    PEAP and IAS and Standalone CA

    maTT, Jun 6, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    684
    kapil [MSFT]
    Jun 6, 2005
  2. Replies:
    1
    Views:
    4,914
    Mark Gamache
    Jul 15, 2005
  3. jt
    Replies:
    14
    Views:
    6,122
    SupaKad
    Oct 13, 2009
  4. jester
    Replies:
    1
    Views:
    1,737
    Vivek
    Dec 20, 2005
  5. =?Utf-8?B?RGVsb24=?=

    How to uninstall Cisco PEAP supplicant to use XP default PEAP

    =?Utf-8?B?RGVsb24=?=, May 25, 2007, in forum: Wireless Networking
    Replies:
    0
    Views:
    851
    =?Utf-8?B?RGVsb24=?=
    May 25, 2007
Loading...

Share This Page