Remote Networking

Reply
Occasional Contributor II
Posts: 61
Registered: ‎08-12-2009

Authentication fails when AP on different subnet than controller

We have several subnets on our WAN. Our controller is in one with local APs nd we also have APs in another building that is connected through a 100mb connection. When connecting to an AP on the remote subnet authentication fails witht he following error:

Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

But if this same laptop is on the same subnet as the controller there are no problems. The controller sees the AP at the remote site and the remote AP has been updated with the correct configuration.
Any thoughts?

Thanks
Ed
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

The Entire Message


We have several subnets on our WAN. Our controller is in one with local APs nd we also have APs in another building that is connected through a 100mb connection. When connecting to an AP on the remote subnet authentication fails witht he following error:

Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

But if this same laptop is on the same subnet as the controller there are no problems. The controller sees the AP at the remote site and the remote AP has been updated with the correct configuration.
Any thoughts?

Thanks
Ed




Is this for only this laptop, or for all laptops?

Post the entire message from the "system" evenviewer in IAS. Does it look like it is logging in with a username that is valid? Does the IAS failure message locate and display where the user is in AD when it is rejected?

If the username that failed authentication in the message is just "username" instead of "domain\ou\username" that means it did not find the user. Is the username a "host\username" that fails in the message? That could mean that you don't have machine authentication configured in IAS.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 61
Registered: ‎08-12-2009

Re: Authentication fails when AP on different subnet than controller

It is actually failing on the computer account name. I moved it around in different OUs and it sees the location change. Here is the full log info:

User host/08-233-LAP1.solanco.local was denied access.
Fully-Qualified-User-Name = solanco.local/Systems/High School/Workstations/Tech Dept/08-233-LAP1
NAS-IP-Address = 10.52.0.40
NAS-Identifier = 10.52.0.40
Called-Station-Identifier = 000B86616130
Calling-Station-Identifier = 001CBF03425B
Client-Friendly-Name = Solanco Radius
Client-IP-Address = 10.52.0.40
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = Solanco Wireless
Authentication-Type = PEAP
EAP-Type =
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Machine Authentication


It is actually failing on the computer account name. I moved it around in different OUs and it sees the location change. Here is the full log info:

User host/08-233-LAP1.solanco.local was denied access.
Fully-Qualified-User-Name = solanco.local/Systems/High School/Workstations/Tech Dept/08-233-LAP1
NAS-IP-Address = 10.52.0.40
NAS-Identifier = 10.52.0.40
Called-Station-Identifier = 000B86616130
Calling-Station-Identifier = 001CBF03425B
Client-Friendly-Name = Solanco Radius
Client-IP-Address = 10.52.0.40
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = Solanco Wireless
Authentication-Type = PEAP
EAP-Type =
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at




Do you have a separate remote access policy to allow machines to connect? This login only occurs when a machine is at the ctrl-alt-delete screen. You would need a separate remote access policy, just like the one you use for users, except the Windows-Groups in this one would be "domain computers".


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 61
Registered: ‎08-12-2009

Re: Authentication fails when AP on different subnet than controller

I email you a screen shoot of my current IAS Policy but you saying I ned a second one? My current policy has Domain Computers and another group I created that I am moving laptops to as I have time. Let me know what I should look at next.

Thanks
Occasional Contributor II
Posts: 61
Registered: ‎08-12-2009

Re: Authentication fails when AP on different subnet than controller

I seperated them and still get same error..i sent you screen shot of policies
Search Airheads
Showing results for 
Search instead for 
Did you mean: