ID Manager - Radius reject computer but not cellphone

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Hello,

I'm currently in trouble with ID Manager Authentication. It's working great with cellphones, but i can access to my Guest vlan using a computer. It's rejected by RADIUS. I dont really understand why.

Can You help me?

Here is the trace of my problem.

06/14/2013 10:47:48 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [47]Sending EAP Packet to STA: code=1 (EAP-Request) identifier=1 length=5
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [48]received EAP packet (code=2 id=1 len=34) from STA: EAP Reponse-Identity (1), STA identity=user42
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [49]Send message to RADIUS Server(192.168.0.118): code=1 (Access-Request) identifier=15 length=207, User-Name=user42 NAS-IP-Address=192.168.0.118 Called-Station-Id=40-18-B1-5A-F4-55:Wifi-Public Calling-Station-Id=00-24-D6-48-C8-CC
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [50]Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=15 length=64
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [51]Sending EAP Packet to STA: code=1 (EAP-Request) identifier=2 length=6
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [52]received EAP packet (code=2 id=2 len=109) from STA: EAP Reponse-PEAP (25)
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [53]Send message to RADIUS Server(192.168.0.118): code=1 (Access-Request) identifier=16 length=300, User-Name=user42 NAS-IP-Address=192.168.0.118 Called-Station-Id=40-18-B1-5A-F4-55:Wifi-Public Calling-Station-Id=00-24-D6-48-C8-CC
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [54]Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=16 length=1090
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [55]Sending EAP Packet to STA: code=1 (EAP-Request) identifier=3 length=1024
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [56]received EAP packet (code=2 id=3 len=6) from STA: EAP Reponse-PEAP (25)
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [57]Send message to RADIUS Server(192.168.0.118): code=1 (Access-Request) identifier=17 length=197, User-Name=user42 NAS-IP-Address=192.168.0.118 Called-Station-Id=40-18-B1-5A-F4-55:Wifi-Public Calling-Station-Id=00-24-D6-48-C8-CC
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [58]Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=17 length=1037
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [59]Sending EAP Packet to STA: code=1 (EAP-Request) identifier=4 length=973
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [60]received EAP packet (code=2 id=4 len=17) from STA: EAP Reponse-PEAP (25)
06/14/2013 10:48:00 0024D648C8CC 4018B15AF455 WIFI05-03 DETAIL [61]Send message to RADIUS Server(192.168.0.118): code=1 (Access-Request) identifier=18 length=208, User-Name=user42 NAS-IP-Address=192.168.0.118 Called-Station-Id=40-18-B1-5A-F4-55:Wifi-Public Calling-Station-Id=00-24-D6-48-C8-CC
06/14/2013 10:48:01 0024D648C8CC 4018B15AF455 WIFI05-03 BASIC [62]Authentication is terminated (at if=wifi0.2) because it is rejected by RADIUS server

Thanks for help
Photo of Alexandre Lefebvre

Alexandre Lefebvre

  • 6 Posts
  • 0 Reply Likes
  • confused

Posted 5 years ago

  • 1
Photo of Alexandre Lefebvre

Alexandre Lefebvre

  • 6 Posts
  • 0 Reply Likes
I really wonder why RADIUS is rejecting me using a computer.

The credentials are goods, I can use them from any cellphone. Why I can't register to that Guest WIFI with the same credentials?

Are there any prerequisit on computer to use 802.1X Auth with ID Manager?

Is there something like certificate issue?! I've notice nothing about that in the Install guide.

Any hints would be appreciated.
Photo of Alexandre Lefebvre

Alexandre Lefebvre

  • 6 Posts
  • 0 Reply Likes
It seems to be a certificate issue...

Which certificate is used when I tried to connect to a guest VLAN with IDM ?

A local certificate issued by the HiveManager? Or a public certificate from IDM ?
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Alexandre,
The computer was rejected by RADIUS. You need the RADIUS server to tell you why.

I agree with your suspicions that it is a certificate problem. You may have a certificate that's good on one server, but not trusted by IDM. If you aren't able to make progress on your own, I suggest you contact our support team; they should be able to help you troubleshoot this.
Photo of Alexandre Lefebvre

Alexandre Lefebvre

  • 6 Posts
  • 0 Reply Likes
Well, I was waitinf for the support to validate my account and i'm still waiting.
Photo of Brian Ambler

Brian Ambler

  • 245 Posts
  • 126 Reply Likes
Hi Alexandre,

As our international customers would need to go through one of our partners for support, I would suggest following up with whomever you opened the ticket so that your account can be validated.
Photo of Alexandre Lefebvre

Alexandre Lefebvre

  • 6 Posts
  • 0 Reply Likes
Thanks for your answer.
I'll try to do that with our partner to create the account.

For my initial request : I resolved it using Private PSK with ID Manager. but I've another problem with that now. (I've open another thread about that)

PS: your mobile portal doesn't allow windows auth.