Following on from my epic headache a little while back:
http://www.techexams.net/forums/viewtopic.php?t=21983
I have been trying to set this up in a real world environment. I am half way there currently, I just have one problem. When I try to test a user on the internet, i have this error returned from IAS system logs:
Fully-Qualified-User-Name = sceuvisinet.biz/Users/test NAS-IP-Address = 10.128.34.254 NAS-Identifier = <not present> Called-Station-Identifier = <not present> Calling-Station-Identifier = <not present> Client-Friendly-Name = radius client 2 Client-IP-Address = 10.128.34.253 NAS-Port-Type = <not present> NAS-Port = <not present> Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = <undetermined> Policy-Name = Connections to other access servers Authentication-Type = PAP EAP-Type = <undetermined> Reason-Code = 66 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
Now, in my test environment I used a 5xp juniper netscreen model, but in the real world setup it is a ssg5 model. Here is a link on the juniper knowledge base I have found regarding authentication types:
http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c190677c
Notice, on the seemingly older firewall models it is recconmmended to switch to PAP rather than CHAP.
Now I think this should be the fix for it, I will test it today when I go onsite, but if not could it be the actual end client's authentication type on the wireless LAN? Even though im fairly sure no wireless authentication is being used for now.
Anyway, if anyone can shed some light on this from experience you will get many tank you's
