Re: wireless authentication before logon

From: MToddH (MToddH_at_discussions.microsoft.com)
Date: 11/29/04 

Date: Mon, 29 Nov 2004 07:49:04 -0800

I checked the event viewer and found this every time my machine attemps to
authenticate. I have my computer & user accounts in the group that has been
granted access to the remote access policy. It's interesting that I don't
have a Dial-in tab on my computer accounts as has been mentioned in some KB
articles. I do have a Dial-in tab for users.

Reason-Code = 65
Reason = The connection attempt failed because remote access permission for
the user account was denied. To allow remote access, enable remote access
permission for the user account, or, if the user account specifies that
access is controlled through the matching remote access policy, enable remote
access permission for that remote access policy.

"S. Pidgorny <MVP>" wrote:

> First and foremost, review the logs on IAS and on the client. Enable
> debugging on the access point and capture debugging info too. there might be
> clues - or the solution giveaways. Load wireless sniffer and see if the
> client tries to authenticate at all.
>
> Make sure that you don't install the wireless card's vendor client
> software/control application/anything but the driver.
> Update the driver to the latest version, preferably through Windows Update.
> If that still doesn't work - try another wireless card.
>
> --
> Svyatoslav Pidgorny, MVP, MCSE
> -= F1 is the key =-
>
> "MToddH" <MToddH@discussions.microsoft.com> wrote in message
> news:44A90D45-D418-48A3-BC0B-EA66827DEAF3@microsoft.com...
> > I am testing a wireless configuration using 802.1x with the AP
> authentication
> > running through IAS RADIUS & AD. I am using EAP-TLS. I have issued
> computer
> > and user certificates to my test users.
> >
> > I am using Win2003 IAS & CA with a Win2000 AD.
> >
> > Authentication and access seems to be working fine for me after domain
> > logon, but I can't get my machine to authenticate before logon happens. I
> > want to allow my clients to acquire an IP before logon. I have turned on
> > "Authenticate as Computer" on my client and my computer account is added
> to
> > the group that has access to the remote access policy. Any suggestions?
>
>
>

Relevant Pages

  • Re: IAS authentication for entire domain
    ... "Jeff Thornburg" wrote in message ... >I have a need to allow all users in a domain to> authenticate through IAS Remote Access Policy. ... Can I> assign an OU or domain to the Remote Access Policy> instead of a group? ...
    (microsoft.public.internet.radius)
  • Re: wireless authentication before logon
    ... Connections to Microsoft Routing and Remote Access Server ... >> granted access to the remote access policy. ... >> the user account was denied. ...
    (microsoft.public.security)
  • Re: Issues with IAS/802.1x authentication
    ... As soon as I modified the IAS Remote Access Policy and removed this policy ... When I check the eventlog I find the IAS ... > the user account was denied. ...
    (microsoft.public.internet.radius)
  • Re: wireless authentication before logon
    ... Have you removed the default remote access policy in IAS? ... requiring the dial-in permission. ... > the user account was denied. ...
    (microsoft.public.security)
  • RE: Issues with IAS/802.1x authentication
    ... Maybe You have a mismatch authentication configuration between client and ... is not enabled on the matching remote access policy). ... > the user account was denied. ...
    (microsoft.public.internet.radius)