802.1x wireless authentication not working via RADIUS

I've tried to implement 802.1x authentication in a Windows 2012 domain environment using protected-EAP authentication. I read through guide after guide and still I am unable to get it to work. I'm confident the server side and WLC config is all correct. I have run the command debug client d0:df:9a:f6:30:40, which is my test laptop, and I can see the WLC sending EAP-Request/Identify messages but it seems it never gets a reply. I have attached a copy of the debug.
Please can someone help me if possible?
Laptop > AP > WLC > RADIUS SERVER

Hmmm, PEAP. So PEAP requires the server be validated via a certificate trust. Did you download the WLC certificate and install it on the client (use self-signed cert), or did you install a new certificate on the WLC? In either case your client has to "trust" the Certificate Authority who signed the certificate used by the authentication device. If you use the self-signed certificate you have to download the cert from the WLC and install it on the client to validate the server, then the client is validated on the WLC with Windows credentials or a saved username/password.
Are you trying to do single sign-on? Is the client a member of the domain? Does the user belong to the domain? Did you do the certificate stuff above? If you need to test this without validating the server (JUST FOR TESTING PURPOSES) you can go under the WLAN profile on the client, choose Security, Settings and uncheck validate server certificate. Then on user credentials verify you are using the correct client credentials on the client and try again.
If this works the certificate is the issue, you can troubleshoot from there. You DO NOT WANT TO LEAVE validate server certificate unchecked as that can create a BIG SECURITY HOLE. Just based on your description I am leaning towards a cert issue. If you can provide more details, that would be great: screenshots of your client EAP-PEAP setup, and a screenshot of the Windows cert store showing trusted root certification authorities with the trusted CA your WLC is using.
Do you ever see logs on the AD server, with login attempts? If not the client is not able to verify the WLC's certificate and therefore won't send credentials. 
LDAP configuration is pretty straightforward, if you just want to test this for the first time and are having issues with just getting a PEAP client to work you can attempt with a LOCAL EAP user on the WLC to verify the client and WLC are correct then add the LDAP server as Authentication Source, just ensure your server priorities are correct if you do this.
Hopefully this helps
~Please rate useful post~
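The "validate server certificate" checkbox discussed in the reply above is stored in the Windows WLAN profile, so it can be checked after testing to confirm it was switched back on. The following is an added example, not part of the original posts: it audits profile XML as written by `netsh wlan export profile`. The sample profiles are constructed and trimmed, and the finding names and the host name `nps01.example.test` are assumptions made for illustration.

```python
"""Audit exported Windows WLAN profiles for weak PEAP server validation."""
import xml.etree.ElementTree as ET

# Constructed, trimmed profile in the layout Windows uses for PEAP (EAP type 25).
PROFILE_TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
    <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
      <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
      <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
        <Type>25</Type>
        <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
          <ServerValidation>
            <DisableUserPromptForServerValidation>{no_prompt}</DisableUserPromptForServerValidation>
            <ServerNames>{server_names}</ServerNames>
            {root_ca}
          </ServerValidation>
          <PeapExtensions>
            <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
          </PeapExtensions>
        </EapType>
      </Eap></Config>
    </EapHostConfig></EAPConfig>
  </OneX></security></MSM>
</WLANProfile>"""


def make_profile(name, validate, no_prompt, server_names="", root_ca=""):
    """Build a constructed sample profile; root_ca is a CA certificate thumbprint."""
    ca = "<TrustedRootCA>%s</TrustedRootCA>" % root_ca if root_ca else ""
    return PROFILE_TEMPLATE.format(name=name, validate=validate, no_prompt=no_prompt,
                                   server_names=server_names, root_ca=ca)


def elements(root, name):
    """All elements with this local name, whatever XML namespace they are in."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def first_text(root, name):
    """Stripped text of the first matching element, or None if there is none."""
    for e in elements(root, name):
        return (e.text or "").strip()
    return None


def audit_peap_profile(xml_text):
    """Return (profile name, findings); findings is None for non-PEAP profiles."""
    root = ET.fromstring(xml_text)
    name = first_text(root, "name") or "?"
    if "25" not in {(e.text or "").strip() for e in elements(root, "Type")}:
        return name, None  # EAP type 25 is PEAP; other methods are not checked
    findings = []
    # "Validate server certificate" unchecked: credentials go to any server.
    if (first_text(root, "PerformServerValidation") or "").lower() == "false":
        findings.append("server-validation-disabled")
    # No pinned root: any CA in the machine's trusted store is accepted.
    if not any((e.text or "").strip() for e in elements(root, "TrustedRootCA")):
        findings.append("no-trusted-root-ca")
    # No server name restriction: any certificate from a trusted CA passes.
    if not first_text(root, "ServerNames"):
        findings.append("no-server-names")
    # Prompt allowed: the user can click through to an unknown server.
    if (first_text(root, "DisableUserPromptForServerValidation") or "").lower() != "true":
        findings.append("user-can-accept-new-server")
    return name, findings


# Constructed samples: the test-only state from the reply, and a locked-down one.
WEAK = make_profile("corp-test", validate="false", no_prompt="false")
HARDENED = make_profile("corp", validate="true", no_prompt="true",
                        server_names="nps01.example.test",
                        root_ca=" ".join(["aa"] * 20))  # placeholder thumbprint

if __name__ == "__main__":
    for sample in (WEAK, HARDENED):
        profile, found = audit_peap_profile(sample)
        print(profile, "->", found if found else "server validation is enforced")
```

Run it over every exported profile on a test machine; a profile that still reports `server-validation-disabled` was left in the testing state.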

Similar Messages

  • 802.1x port authentication not working

    I am having some troubles figuring out what is going on here. I am trying to set up 802.1x port-based authentication to assign clients to VLANs. I inherited this mess and it's been a long time since I have used this. I ran a Wireshark on my Radius server and I see no packets even coming from my switch IP address when I plug into a port (I verified communication because pings come up in my trace).
    Switch info:
    sw-ConfB>sho ver
    Cisco IOS Software, C2960C Software (C2960c405-UNIVERSALK9-M), Version 12.2(55)EX3, RELEASE SOFTWARE (fc2)
    Port config:
    interface FastEthernet0/11
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    Radius Server Info:
    radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
    Kinda lost why no Radius packet even comes from the switch. Any tips?

    sw-ConfB#sho ru
    Building configuration...
    Current configuration : 6301 bytes
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname sw-ConfB
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$3QAC$puzutRpCI5zR3Xv55xBVH0
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa session-id common
    system mtu routing 1500
    crypto pki trustpoint TP-self-signed-706182400
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-706182400
     revocation-check none
     rsakeypair TP-self-signed-706182400
    crypto pki certificate chain TP-self-signed-706182400
     certificate self-signed 01
      quit
    dot1x system-auth-control
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface FastEthernet0/1
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/2
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/3
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/4
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/5
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/6
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/7
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/8
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/9
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/10
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/11
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface FastEthernet0/12
     switchport access vlan 900
     switchport mode access
     authentication event fail action authorize vlan 900
     authentication event no-response action authorize vlan 900
     authentication port-control auto
     dot1x pae authenticator
     dot1x timeout tx-period 5
    interface GigabitEthernet0/1
     switchport trunk native vlan 200
     switchport trunk allowed vlan 100,200,900
     switchport mode trunk
    interface GigabitEthernet0/2
     switchport access vlan 100
     switchport mode access
    interface Vlan1
     no ip address
    interface Vlan100
     ip address 10.0.1.3 255.255.255.0
    interface Vlan200
     ip address 10.0.2.4 255.255.255.0
    interface Vlan900
     ip address 10.0.9.4 255.255.255.0
    ip default-gateway 10.0.1.1
    ip http server
    ip http secure-server
    ip sla enable reaction-alerts
    radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
    radius-server retransmit 5
    radius-server key secret
    radius-server vsa send authentication

  • HP 5524 Wireless does not work after firmware upgrade

    HI,
    I have just purchased an HP5524.  After initial problems setting up the WPA key from the printer screen, I connected via USB, found the printer and swapped to wireless successfully. I then installed the printer software on all my computers at home successfully over wireless.
    The printer then needed a firmware upgrade to support eprint (?), which is successfully connected, downloaded the firmware, installed and went through the boot cycles successfully.
    However, ever since wireless will not work.  Before I return it to the retailer as "not fit for purpose" I thought I would ask the forum.  The diagnostics downloaded a tool, which I went through, but this did not offer solutions that I had not already tried.
    Thank you

    Hi,
    Thank you for posting your query,
    In order to resolve the issue, please make sure the printer is placed closer to the router and uninstall the printer drivers already installed and then start the installation and select the connection type as wireless network. Then select use USB to configure wireless and when prompted connect the USB cable and then select the network and enter the encryption key and follow the onscreen instructions.
    If the issue still persists, please open the browser and in the address bar enter the IP address of the router and click on GO. This will take you to the router configuration page. On the router page, please click on Wireless Setup and please make sure SSID Broadcast is enabled and the Wireless Mode is set to Mixed or 802.11 B/G/N and the Wireless Channel is set to 11 and click on Apply. Then try to connect the printer to the network by using the CD.
    Say "Thanks" by clicking the Kudos Star in the post that helped you.
    Please mark the post that solves your problem as "Accepted Solution"
    (Although I am employed by HP, I am speaking for myself and not for HP)

  • 802.1x Wireless Authentication

    Hello
    I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the Macs authenticate I get a warning, so to speak, and the cert will not save or trust. I have entered it in as a 509 anchor and other and still the same thing. Is anyone out there doing this?
    The windows says
    801x Authentication
    The Server Certificate could not be validated because the root certificate is missing.
    Thanks

    No, CA wasn't changed with R2.
    Are you able to see the User's certificate in the Keychain app under the login keychain & My Certificates? Can you see the CA's certificate under the X509Anchors?
    In the login keychain, when looking at the Users certificate, does it show as valid?

  • Wireless is not working on my new HP office jet 6700 premium

    Gents,
    I have a new HP office jet 6700 premium all in one printer and I connected it to the network via wireless and it works only for 2 minutes and after that it's not working via wireless unless I disconnect and reconnect again. Please advise.
    FYI it is working very good by USB, and I'm using Mac OS X 10.9.3 version
    Regards,

    Hi Kattoa,
    Welcome to the HP forums!
    I'm sorry to hear your Officejet 6700 doesn't seem to be holding its wireless connection but I'd be happy to help determine what the problem could be.
    I think it would be best if you followed this Printer Does Not Maintain Wireless Connection document as it should be able to help determine why the printer has to be reconnected so frequently.
    Let me know how that goes for you!!
    Please click “Accept as Solution ” if you feel my post resolved your issue, as it will help others find the solution faster
    Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
    **MissTeriLynn**
    I work on behalf of HP

  • Keyboard wireless key not working after upgrading to windows 8.1

    Hello,
    I am having hp pavilion dv6-6165tx notebook, where keyboard having a wireless button that turns ON and OFF all wireless devices, After upgrading to windows 8.1, HP Connection Manager is not getting installed, as well as Key is not working, key color turns red and white but no action is performed.
    Kindly suggest me some solution.
    Note: HP Doesn't provide drivers for windows 8/8.1 ONLY WINDOWS 7 for hp pavilion dv6-6165tx.
    Thanks.

    Hi @Jayesh_Bhadja ,
    Thank you for visiting the HP Support Forums and Welcome. I have looked into your issue about your HP Pavilion dv6-6165tx Notebook and the Wireless keyboard not working correctly. Here is a link to troubleshoot the keyboard.
    The HP Connection Manager is something that is for Windows 7 not Windows 8.1. I would uninstall this from your Notebook.  Here is a link to the HP Support Assistant if you need it. Just download and run the application and it will help with the software and drivers on your system that need updating. It has a troubleshooting tool in this.
    Make sure all your updates have been completed. I would try restarting my Notebook a few times.
    If that does not help I would uninstall the keyboard from the Device manager.
    Thanks.
    Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
    Click the “Kudos, Thumbs Up" on the bottom to say “Thanks” for helping!

  • Error message on my HP Photosmart C7280 All-in-One 'Wireless Radio not Working'

    Error message on my HP Photosmart C7280 All-in-One 'Wireless Radio not Working'. My broadband is BT Infinity with a very strong signal throughout the house and my operating system is Windows XP. My printer will not connect wirelessly to my network, what can I do with respect to the error message 'Wireless Radio not Working'?

    Hello @GeoffH777 ,
    Perfect! You are very welcome, I am very happy to hear the reset helped!
    If you  have a quick moment, please scroll back to my last message here and click the "Accepted Solution" button, so others can find our thread if they happen to run into the same issue.
    Greatly appreciated, have a wonderful day!
    R a i n b o w 7000
    I work on behalf of HP
    Click the “Kudos Thumbs Up" at the bottom of this post to say “Thanks” for helping!
    Click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution!

  • [svn] 1720: Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints .

    Revision: 1720
    Author: [email protected]
    Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
    Log Message:
    Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
    QA: Yes
    Doc: No
    Details:
    Update to the TomcatLoginCommand to work correctly with NIO endpoints.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-304
    Modified Paths:
    blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand.java


  • Multi-Row insert/update/delete not working via db-link

    App. Version: 2.0.0.00.49
    DB: Oracle 9i, not sure about the build
    Problem: Multirow Update/Insert/Delete doesn't work via db-link.
    Error received: ....ORA-1460: unimplemented or unreasonable conversion requested....
    Where: Tabular Form generated via Wizard
    Side note: It's working properly when local table(s) is/are used, it's not working via db-link or view.
    I've encountered this error with single update/insert/delete operations before, but was able to fix it via using temp-variables (v_xyz := :Px_xyz; as the proposed v('Px_xyz') was really slow with my scripts)...but with the automated DML-action I don't see a way to edit it accordingly.
    Workaround found:
    1a) Use local* collection on HTML-DB-Server, then write single row updates/deletes/inserts to the remote DB via DB-Link
    1b) Use local* table on HTML-DB-Server, then write single row updates/deletes/inserts to the remote DB via DB-Link
    * Local = on the same server that HTML-DB is running on...
    So,...to my questions:
    1. Can someone confirm that this is a "known feature" (aka bug)?
    2. Can someone tell me if this "known feature" has been eliminated in the newer version of HTML-DB/APEX (> 2.0.0.00.49)?
    Thanks.
    Ingo

    Hi,
    Do you have a small test case program that demonstrates this? A JDeveloper project showing what exactly is the problem when trying to use the BDB SQL JDBC driver to insert data into the BDB SQL database? What do you mean by "not working", do you get any errors, you do not get errors but you do not see the data in the database etc?
    What are the versions of Java, JDeveloper, ADF and BDB SQL you are using, and on what OS?
    Regards,
    Andrei

  • Tecra A3 - Creative Mouse Wireless does not work

    My Creative Mouse Wireless does not work while touchpad is installed.
    Even if I disable the Touchpad, the mouse still does not work.
    Does anyone know how to solve this problem?
    Thank you,
    R.P.

    Hello
    In this way it is not easy to say what the problem is. I assume that you got some installation software for your external device. Install it and it should work.
    As far as I know functionality of external mouse doesn't depend on touchpad settings.
    Bye

  • My wireless keypad not working even in a full battery, window display continously switching automatically without touching the cursor.

    my wireless keypad not working even in full battery

    I have a wireless keyboard with the attached keypad.  The keyboard is working great, but the keypad quit working.  I put in new batteries...did not help.  Any suggestions?

  • Wireless with PEAP Authentication not working using new NPS server

    All,
    We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
    I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
    But it is not working for me. I am getting the following error message on the NPS server.
    Error # 1
    =======
    Cryptographic operation.
    Subject:
                Security ID:                 SYSTEM
                Account Name:                       MADXXX
                Account Domain:                    AD
                Logon ID:                    0x3e7
    Cryptographic Parameters:
                Provider Name:          Microsoft Software Key Storage Provider
                Algorithm Name:         RSA
                Key Name:      XXX-Wireless-NPS
                Key Type:       Machine key.
    Cryptographic Operation:
                Operation:       Decrypt.
                Return Code:  0x80090010
    Error # 2
    ======
    An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    I was wondering if anyone has any insight on what is going on.
    Thanks, Ds

    Scott,
    I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
    I  disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
    Cryptographic operation.
    Subject:
    Security ID: SYSTEM
    Account Name: MADHFSVNPSPI01$
    Account Domain: AD
    Logon ID: 0x3e7
    Cryptographic Parameters:
    Provider Name: Microsoft Software Key Storage Provider
    Algorithm Name: RSA
    Key Name: DOT-Wireless-NPS
    Key Type: Machine key.
    Cryptographic Operation:
    Operation: Decrypt.
    Return Code: 0x80090010
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
    Security ID: AD\mscdzs
    Account Name: AD\mscdzs
    Account Domain: AD
    Fully Qualified Account Name: AD\mscdzs
    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 64-ae-0c-00-de-f0:DOT
    Calling Station Identifier: a0-88-b4-e2-79-cc
    NAS:
    NAS IPv4 Address: 130.47.128.7
    NAS IPv6 Address: -
    NAS Identifier: WISM2B
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 29
    RADIUS Client:
    Client Friendly Name: WISM2B
    Client IP Address: 130.47.128.7
    Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: Secure Wireless Connections
    Authentication Provider: Windows
    Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
    Authentication Type: PEAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 23
    Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    Attached are EAP logs & debug logs from the controller.
    Thanks for all the help. I really appreciate.

  • Sg300 - 802.1x NPS - mac authentication not working

    I configured 802.1x on a sg300 switch. It is working very well with some Windows 7 machines and a Windows Server 2008 NPS server.
    Now I tried to get the MAC authentication running, on a 3850X it is working without problems, but every access request sent from the SG300 is declined.
    My current port configuration on the SG300:
    interface fastethernet1
     dot1x guest-vlan enable
     dot1x max-req 1
     dot1x reauthentication
     dot1x timeout quiet-period 10
     dot1x authentication 802.1x mac
     dot1x radius-attributes vlan static
     dot1x port-control auto
     switchport mode access
    On the Windows NPS server there is following error to see:
    Authentication Details:
        Connection Request Policy Name:    Secure Wire
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        myradius.local
        Authentication Type:        -
        EAP Type:            -
        Account Session Identifier:        30353030399999
        Reason Code:            1
        Reason:                An internal error occurred. Check the system event log for additional information.
    There is compared to the message from the 3850 the authentication type missing (PAP) and a not very helpful error message displayed...

    Still not working.
    I tried different settings and (also older) software versions on the SF302-08P.
    Also started to change the settings on the NPS (though it is working with the 3850X!), without success.
    The NPS reports following error:
    Schannel:
    The following fatal alert was received: 40.
    EventID 36887
    If I search for this error, every source is pointing to certificate errors, but there should not be any certificate involved?!
    ... is this a bug on the SF302-08P?

  • 802.1x authentication not trying second Radius server

    I have 802.1x set up for port-based authentication on my 3750. I have two identical Radius servers set up and both work when they are the initial server. If I disable the NIC on the first server, it never fails over to the second one. (This only happens with 802.1x, logging directly onto the switch works but just takes longer.) What do I need to set to get the radius to fail over faster or at all for that matter?
    aaa authentication login default group radius local
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    interface FastEthernet1/0/11
    switchport access vlan 15
    switchport mode access
    dot1x pae authenticator
    dot1x port-control auto
    dot1x violation-mode protect
    spanning-tree portfast
    radius-server host 10.10.0.41 auth-port 1645 acct-port 1646 key radiuskey
    radius-server host 10.10.0.42 auth-port 1645 acct-port 1646 key radiuskey


  • 802.1x wireless authentication using NPS - SSO sign on to Office 365 using ADFS

    Hi Spiceys, I'm researching for a potential client and would like to know if the following is possible: They have an existing wireless network with a working 802.1x implementation using NPS as RADIUS. They are very keen to move to Office 365 and use SSO and my understanding is that they'll need to spin up a working ADFS implementation to arrange this. We want to use Microsoft tech to tie it all in, so 3rd party SSO apps I don't want to investigate. If a wireless client is authenticated with NPS, and we have a working ADFS implementation are they able to access Office 365 resources without signing in twice? I'd imagine that the NPS auth would give them the necessary DC token, but if they access O365 resources and get redirected to the ADFS website and use Windows integrated login, will it 'just work' ? They are looking at using the full...
    This topic first appeared in the Spiceworks Community

    Did you find any resolution to this?  Our MBA mid 2013 deployment is having a very similar problem.  We've gone through loads of troubleshooting and have yet to come to a resolution.  All our mid 2012 MBAs are working fine, they're 10.7.5/10.8.4 mixed.  Console logs don't show much, I'll try the wireless diags tomorrow.  Our other 10.8.4 build appears fine on other models of machines.  I've read posts about deleting the adapters, deleting the system config plists and changing the MTU size; these steps do not work for us.
    We don't have as high a failure rate with our deployment, but 25%-30% of our clients randomly drop connectivity and are unable to reconnect (fluttering wi-fi wave).  When you select the wifi symbol in the menu bar other wireless networks do not show, the 'looking for networks' fly wheel continues to spin.  Occasionally on login the yellow jelly bean will appear then disappear before finally timing out without logging the user in (despite having mobile accounts enabled).    Mostly the problem manifests itself when waking from sleep - the wifi symbol flutters endlessly without connecting.  Deleting the 8021x profile and re-adding it will re-enable connectivity.  We've tried new profiles, but to the same end.  I know our certs and systems are fine because previous Mac OS X builds work fine as do our Windows clients.
    Any input would be much appreciated.
