NTLM_auth failed issue

  • 1
  • Question
  • Updated 2 years ago
Hi team,

On of our customer has a user and I believe user is using HTC device. When he tries to login to the wireless network using his credentials, he is not getting authenticated. We have collected following logs:

09/21/2016 09:37:55 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (426)RADIUS: SSL negotiation, send server certificate and other message 09/21/2016 09:37:55 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (427)Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=58 length=255 
09/21/2016 09:37:55 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (428)Send message to RADIUS Server(192.168.25.7): code=1 (Access-Request) identifier=60 length=401, User-Name=myuser@myorg.com Called-Station-Id=9C-5D-12-5A-80-94:CSE-Corp-2.4 Calling-Station-Id=84-7A-88-07-40-CD NAS-IP-Address=192.168.25.7 
09/21/2016 09:37:55 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (429)RADIUS: SSL connection established 
09/21/2016 09:37:55 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (430)Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=60 length=123 
09/21/2016 09:37:55 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (431)Send message to RADIUS Server(192.168.25.7): code=1 (Access-Request) identifier=61 length=263, User-Name=myuser@myorg.com Called-Station-Id=9C-5D-12-5A-80-94:CSE-Corp-2.4 Calling-Station-Id=84-7A-88-07-40-CD NAS-IP-Address=192.168.25.7 
09/21/2016 09:37:56 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (432)RADIUS: SSL negotiation is finished successfully 
09/21/2016 09:37:56 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (433)Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=61 length=101 
09/21/2016 09:37:56 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (434)Send message to RADIUS Server(192.168.25.7): code=1 (Access-Request) identifier=62 length=332, User-Name=myuser@myorg.com Called-Station-Id=9C-5D-12-5A-80-94:CSE-Corp-2.4 Calling-Station-Id=84-7A-88-07-40-CD NAS-IP-Address=192.168.25.7 
09/21/2016 09:37:57 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (435)RADIUS: PEAP inner tunneled conversion 
09/21/2016 09:37:57 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (436)Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=62 length=179 
09/21/2016 09:37:57 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (437)Send message to RADIUS Server(192.168.25.7): code=1 (Access-Request) identifier=63 length=380, User-Name=myuser@myorg.com Called-Station-Id=9C-5D-12-5A-80-94:CSE-Corp-2.4 Calling-Station-Id=84-7A-88-07-40-CD NAS-IP-Address=192.168.25.7 
09/21/2016 09:37:58 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 INFO (438)Rx disassoc (reason 8 , rssi -61dB) 
09/21/2016 09:37:58 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 BASIC (439)Sta(at if=wifi0.1) is de-authenticated because of notification of driver 
09/21/2016 09:37:59 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (440)RADIUS: PEAP Tunneled authentication was rejected. NTLM_auth failed for Reading winbind reply failed! (0xc0000001) 
09/21/2016 09:41:21 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 DETAIL (441)Rx probe req (rssi -61dB) 
09/21/2016 09:41:21 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 BASIC (442)Tx probe resp (pwr 13dBm) 
09/21/2016 09:41:21 AM 847A880740CD 9C5D125A8094 AP-NZL-HAS-01 BASIC (443)Tx probe resp (pwr 13dBm) 


I have changed the username and domain due to privacy reason. Any ideas why it is happening. All other users are authenticating fine.
Photo of Farzan Qureshi

Farzan Qureshi

  • 5 Posts
  • 0 Reply Likes
  • Confused

Posted 2 years ago

  • 1
Photo of Farzan Qureshi

Farzan Qureshi

  • 5 Posts
  • 0 Reply Likes
Logged a fault with Aerohive support and got following reply: it may help others:

HiveOS 6.8r1 is known to have some potential issues with RADIUS authentication, so one step would be to change the RADIUS AP, and AP in which client connects to, to HiveOS 6.5r4 (not 6.5r5 if it's available), and let us know of the results with the connection.

It could also be a potential client issue with the mobile device depending on its support and implementation of WPA2 Enterprise. I also recommend testing with another device such as a Windows computer. 
Photo of Farzan Qureshi

Farzan Qureshi

  • 5 Posts
  • 0 Reply Likes
Turned out to be issue with user credentials.