EAP-TLS
fid500
I am in the process of setting up wireless 802.1X using EAP-TLS for authentication. I have configured a NAP server and CA on Windows 2008. My DC is a Windows 2003. I have created two groups in AD, users and machines. I have added both groups to network policies. I have configured user and computer certificate templates and issued certificates to users and computers. This setup works fine for user authentication, but it fails when doing machine authentication.
When I try to authenticate using computers, I get the following error.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/10/2010 10:26:48 PM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: TekoneCA02.mytekone.local
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: none
Account Domain: MYTEKONE
Fully Qualified Account Name: MYTEKONE\none
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 0012.011c.49c0
Calling Station Identifier: 000e.353e.2cfa
NAS:
NAS IPv4 Address: 192.168.192.40
NAS IPv6 Address: -
NAS Identifier: AP1310
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 11313
RADIUS Client:
Client Friendly Name: AP1310
Client IP Address: 192.168.192.40
Authentication Details:
Proxy Policy Name: 8021X Wireless Connection
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: TekoneCA02.mytekone.local
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: -
Reason Code: 16
Reason: Authentication was not successful because an unknown user name or incorrect password was used.