Problems authenticating using WPA2-Enterprise.. Help!

Hi.

I've been trying to setup wireless networking, using WPA2-Enterprise
security. I'm using IAS on a server, which is also the only domain
controller. The server also has the Certificate Authority server, and
self-generated a certificate. Windows 2003 server.

I've exported the certificate from the server (as *.PB7 file), and install
that on the client (via mmc certmgr.msc snap-in), importing into the
Enterprise Trust folder.

I'm not sure what is going on, but out of about 10 users trying to connect,
I can only get about 4 to work. The clients are personal computers, and a
mix of OS (XP, Vista, Mac OS X). Some of the ones that work are Vista Home
Premium, at least one that works is XP. One computer is a member of the
domain, most are not. As far as I can tell, setup is the same on all. I
personally setup on some, and it all seems the same as the setup on my PC
(which works), yet it fails to work.

In most cases where it doesn't work, it is first because the computer is
trying to authenticate as computer or local login, instead of using the
domain login account. Then the appropriate options are unticked, and the
user is prompted to enter username and password. At this stage, when the
correct username and password is entered, it is not successful, but keeps
prompting to re-enter credentials (often the balloon pops up in bottom right
corner before the user has had time to finish entering details the previous
time), and there is no longer anything in the server logs.

I especially don't understand why there is nothing in the logs showing these
failed attempts to login, even though previous attempts are recorded in the
logs for the same computer (eg when no certificate, or trying automatic
login).

It seems like after a while it stops talking to IAS. Is there some kind of
inbuilt security where a computer is blocked after a certain number of
failed attempts? How long does it take before they can try again?

Also, I'm wondering if I'm using the wrong type of certificate. Also, since
it does work for some computers, it seems like maybe that is ok..?

Any ideas? It is really wrecking my head!

Thanks,

Craig

Is this question better to send to radius group, or ok here?

Craig

"Craig" <(E-Mail Removed)> wrote in message
news:%232A%(E-Mail Removed)...
> Hi.
>
> I've been trying to setup wireless networking, using WPA2-Enterprise
> security. I'm using IAS on a server, which is also the only domain
> controller. The server also has the Certificate Authority server, and
> self-generated a certificate. Windows 2003 server.
>
> I've exported the certificate from the server (as *.PB7 file), and install
> that on the client (via mmc certmgr.msc snap-in), importing into the
> Enterprise Trust folder.
>
> I'm not sure what is going on, but out of about 10 users trying to
> connect, I can only get about 4 to work. The clients are personal
> computers, and a mix of OS (XP, Vista, Mac OS X). Some of the ones that
> work are Vista Home Premium, at least one that works is XP. One computer
> is a member of the domain, most are not. As far as I can tell, setup is
> the same on all. I personally setup on some, and it all seems the same as
> the setup on my PC (which works), yet it fails to work.
>
> In most cases where it doesn't work, it is first because the computer is
> trying to authenticate as computer or local login, instead of using the
> domain login account. Then the appropriate options are unticked, and the
> user is prompted to enter username and password. At this stage, when the
> correct username and password is entered, it is not successful, but keeps
> prompting to re-enter credentials (often the balloon pops up in bottom
> right corner before the user has had time to finish entering details the
> previous time), and there is no longer anything in the server logs.
>
> I especially don't understand why there is nothing in the logs showing
> these failed attempts to login, even though previous attempts are recorded
> in the logs for the same computer (eg when no certificate, or trying
> automatic login).
>
> It seems like after a while it stops talking to IAS. Is there some kind of
> inbuilt security where a computer is blocked after a certain number of
> failed attempts? How long does it take before they can try again?
>
> Also, I'm wondering if I'm using the wrong type of certificate. Also,
> since it does work for some computers, it seems like maybe that is ok..?
>
> Any ideas? It is really wrecking my head!
>
> Thanks,
>
> Craig