Scenario: 2003R2 server, 2000SP4 laptop. Linksys WPA54G AP set for
WPA-Enterprise; laptop using WPC55AG, set for EAP-PEAP, MS-CHAPv2.
Certificate installed in server and deployed to client. Authentication
fails with the following log entry:
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 4/10/2006
Time: 10:53:30 AM
User: N/A
Computer: DDI-DOMAIN-SVR1
Description:
User guestuser was denied access.
Fully-Qualified-User-Name = internal.inc.com/Users/Guest User
NAS-IP-Address = 192.168.0.2
NAS-Identifier = 0016b64f1956
Called-Station-Identifier = 0016b64f1956
Calling-Station-Identifier = 000f6619879a
Client-Friendly-Name = DDI-AP1
Client-IP-Address = 192.168.0.2
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 4
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not
enabled on the matching remote access policy.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
What I'm not clear on is what allegedly invalid authentication method was
attempted. The server iassam log shows that apparently the login account
was verified:
[2952] 04-10 11:20:05:937: Creating EAP session
[2952] 04-10 11:20:05:937: NT-SAM Names handler received request with user
identity guestuser.
[2952] 04-10 11:20:05:937: Prepending default domain.
[2952] 04-10 11:20:05:937: NameMapper::PrependDefaultDomain
[2952] 04-10 11:20:05:937: SAM-Account-Name is "INTERNAL\guestuser".
[2952] 04-10 11:20:05:937: NT-SAM Authentication handler received request
for INTERNAL\guestuser.
[2952] 04-10 11:20:05:937: Validating Windows account INTERNAL\guestuser.
[2952] 04-10 11:20:05:937: Sending LDAP search to
DDI-DOMAIN-SVR1.internal.vinc.com.
[2952] 04-10 11:20:05:937: Successfully validated windows account.
[2952] 04-10 11:20:05:937: NT-SAM User Authorization handler received
request for INTERNAL\guestuser.
[2952] 04-10 11:20:05:937: Using downlevel dial-in parameters.
[2952] 04-10 11:20:05:937: Sending LDAP search to
DDI-DOMAIN-SVR1.internal.inc.com.
[2952] 04-10 11:20:05:937: Inserting attribute msNPAllowDialin.
[2952] 04-10 11:20:05:937: Successfully retrieved per-user attributes.
[2952] 04-10 11:20:05:937: Saving the response
Can anyone offer any insight, or where I should look next? I've checked (or
think I've checked) the relevant policies, and it all looks correct.
Thanks for your help.
--
Regards,
Dean
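
Added example, not part of the original post: a small Python parser for the IAS event description format shown above, which folds wrapped lines back into their attribute and pulls out the fields that name the policies that handled the request. The function names and the sample text (a constructed excerpt of the event above) are assumptions of this example.

```python
import re

# Constructed sample: an excerpt of the event above, line-wrapped as posted.
SAMPLE_EVENT = """\
User guestuser was denied access.
Fully-Qualified-User-Name = internal.inc.com/Users/Guest User
NAS-Port-Type = Wireless - IEEE 802.11
Proxy-Policy-Name = Use Windows authentication for all users
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not
enabled on the matching remote access policy.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"""

# "Name = value" attribute lines; names contain no spaces, values may.
ATTR = re.compile(r"^([A-Za-z][A-Za-z0-9-]*) = (.*)$")

def parse_ias_event(text):
    """Return {attribute: value}, folding wrapped lines into the previous value."""
    fields, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = ATTR.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2)
        elif line.startswith(("For more information", "Data:")):
            last = None  # trailer text, not part of any attribute
        elif last and line:
            fields[last] += " " + line  # continuation of a wrapped value
    return fields

def summarize_denial(fields):
    """Pull out the attributes that say which policies evaluated the request."""
    return {
        "reason_code": int(fields["Reason-Code"]),
        "remote_access_policy": fields.get("Policy-Name"),
        "connection_request_policy": fields.get("Proxy-Policy-Name"),
        "auth_type": fields.get("Authentication-Type"),
        "eap_type_negotiated": fields.get("EAP-Type") != "<undetermined>",
    }

if __name__ == "__main__":
    print(summarize_denial(parse_ias_event(SAMPLE_EVENT)))
```

In IAS events, Policy-Name is the remote access policy that matched the request and Proxy-Policy-Name is the connection request policy, so the "matching remote access policy" in the Reason text is the one reported in Policy-Name.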