ArubaOS and Controllers

Reply
Occasional Contributor I

radius authentication failures

Authenticating to a win 2008 radius server, ms-chapv2 PEAP. We have two users, both running windows 7, who intermittently fail authentication. The credentials box will keep popping up and then lock their windows account out. Often if you wait, or reboot, and try again, it will then go through. It can continue working up to a week but then will suddenly go crazy again.

Upon failures, the NPS server event log shows error code 16: unknown user name or password. I have looked at the NPS logs and you will see a failed login attempt and then seconds later a successful one from the same machine, same user.

Some things to confound this: we have many other win7 systems, based on the same ghost image (and identical hardware), with no issues ever. One of the users having problems just got a new laptop, and never had any issues with the older laptop. The wireless settings are pushed out from GP so they should be identical. I am new to troubleshooting issues like this -- what can i try? Thanks!!
Guru Elite

Re: radius authentication failures

Does this only happen to those two users, or is the problem localized to those laptops?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: radius authentication failures

well there are hints it is localized to the laptops since one of the old user's laptop always worked fine (still does, he kept it). Are you suggesting i try logging onto one of their machines and see if perhaps my user account experiences the same issues to confirm it is something on the laptop? the other bizarre thing is they should be identical in software and hardware to systems that have had no issues since they were setup from a ghost image.
Guru Elite

Re: radius authentication failures

How long ago has it started happening and what changes have been made since then? Radius authentication is largely between the client and the domain, with the controller just sitting in the middle. Can you open up a ticket with microsoft so that you can get some perspective on this? The controller takes its cue from the authentication failure message that it gets from the NPS server. If it is failing, it is most likely something with the client or the domain it is connecting to.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: radius authentication failures

The system is only a few weeks old so these problems are new, but so is the system. I understand what you are saying, I didnt really suspect the controller but figured someone may have experienced these sorts of problems or might have suggestions on things to try or check. It is just unfortunate the errors I find are as vague as 'unknown user name or password' which seems worthless when it works sometimes! I'll keep digging at it. I'll report back if I do figure it out.
Occasional Contributor I

Re: radius authentication failures

I don't know if you found a resolution to this issue but we are experiencing the same thing and believe it to be related to our domain controllers. We are in the process of upgrading our domain controllers to 2008 while also changing the LM authentication level to 5 which is "Send NTLMv2 response only/refuse LM & NTLM".

Some users go to our 2003 DCs with a lesser LM authentication level for authentication and don’t have an issue while some go to the updated servers and get locked out which is why it seems sporadic and random. Since Radius authentication is largely between the client and the domain like Colin says, I'm pretty sure it is related to this reg key on the XP machines I' m dealing with but haven't tested yet.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LmCompatibilityLevel

I think it would need to be set to 5 like our new DCs. Any thoughts?
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: