Hello,
I tried to change the security configuration of my WLAN from Termination: Enabled to Termination: Disabled.
Before doing that, I was able to connect with Windows computers; the authentication was done with MSCHAPv2 (cf. security logs).
With the Termination: Disabled, the authentication isn't working, and I can't figure out why.
The error message is:
Reason code 23
An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP), Check EAP log files for EAP errors.
Here are the logs:
------------ IASSAM ------------
[1980] 04-11 16:13:42:796: NT-SAM Names handler received request with user identity admin.
[1980] 04-11 16:13:42:796: Prepending default domain.
[1980] 04-11 16:13:42:796: NameMapper::prependDefaultDomain
[1980] 04-11 16:13:42:796: SAM-Account-Name is "DC\admin".
[1980] 04-11 16:13:42:796: Successfully created new RAP Based EAP session for user DC\admin.
[1980] 04-11 16:13:42:796: No AUTHENTICATION extensions, continuing
[1980] 04-11 16:13:42:796: NT-SAM Authentication handler received request for DC\admin.
[1980] 04-11 16:13:42:796: Validating windows user account DC\admin
[1980] 04-11 16:13:42:796: Sending LDAP search to WIN-35M4P8MNI43.dc.lab.
[1980] 04-11 16:13:42:796: LDAP ERROR in ldap_search_ext_sW. Code = 81
[1980] 04-11 16:13:42:796: Extended error string: (null)
[1980] 04-11 16:13:42:796: Retrying LDAP search.
[1980] 04-11 16:13:42:812: Opening LDAP connection to WIN-35M4P8MNI43.dc.lab.
[1980] 04-11 16:13:42:812: The registry value DisableLdapEncryption does not exist. Using default 0
[1980] 04-11 16:13:42:812: Trying to set LDAP encryption = 1
[1980] 04-11 16:13:42:812: Setting localServerName.User to WIN-35M4P8MNI43$
[1980] 04-11 16:13:42:858: LDAP connect succeeded.
[1980] 04-11 16:13:42:858: Sending LDAP search to WIN-35M4P8MNI43.dc.lab.
[1980] 04-11 16:13:42:858: Successfully validated windows account DC\admin.
[1980] 04-11 16:13:42:858: Allowed EAP type: 25
[1980] 04-11 16:13:42:858: Succesfully created EAP Host session with session id 5
[1980] 04-11 16:13:42:858: Processing output from EAP: action:1
[1980] 04-11 16:13:42:858: Inserting outbound EAP-Message of length 6.
[1980] 04-11 16:13:42:858: Issuing Access-Challenge.
[1980] 04-11 16:13:42:858: No AUTHORIZATION extensions, continuing
[2340] 04-11 16:13:42:858: Successfully retrieved session (5) for user DC\admin.
[2340] 04-11 16:13:42:858: No AUTHENTICATION extensions, continuing
[2340] 04-11 16:13:42:858: Processing output from EAP: action:1
[2340] 04-11 16:13:42:858: Inserting outbound EAP-Message of length 1096.
[2340] 04-11 16:13:42:858: Issuing Access-Challenge.
[2340] 04-11 16:13:42:858: No AUTHORIZATION extensions, continuing
[1980] 04-11 16:13:42:890: Successfully retrieved session (5) for user DC\admin.
[1980] 04-11 16:13:42:890: No AUTHENTICATION extensions, continuing
[1980] 04-11 16:13:42:890: Processing output from EAP: action:1
[1980] 04-11 16:13:42:890: Inserting outbound EAP-Message of length 383.
[1980] 04-11 16:13:42:890: Issuing Access-Challenge.
[1980] 04-11 16:13:42:890: No AUTHORIZATION extensions, continuing
[2340] 04-11 16:13:42:905: Successfully retrieved session (5) for user DC\admin.
[2340] 04-11 16:13:42:905: No AUTHENTICATION extensions, continuing
[2340] 04-11 16:13:42:905: Processing output from EAP: action:2
[2340] 04-11 16:13:42:905: Translating attributes returned by EAPHost.
[2340] 04-11 16:13:42:905: EAP authentication failed.
[2340] 04-11 16:13:42:905: No AUTHORIZATION extensions, continuing
[2340] 04-11 16:13:42:905: Inserting outbound EAP-Message of length 4.
------------ IASSAM ------------
[1980] 04-11 16:13:42:858: EapPeapEnd
[1980] 04-11 16:13:42:858: EapTlsEnd
[1980] 04-11 16:13:42:858: EapTlsEnd(dc\admin)
[1980] 04-11 16:13:42:858: EapPeapEnd done
[1980] 04-11 16:13:42:858: EapPeapBegin
[1980] 04-11 16:13:42:858: EapPeapBegin - flags(0x2)
[1980] 04-11 16:13:42:858: PeapReadUserData
[1980] 04-11 16:13:42:858:
[1980] 04-11 16:13:42:858: EapTlsBegin(DC\admin)
[1980] 04-11 16:13:42:858: SetupMachineChangeNotification
[1980] 04-11 16:13:42:858: State change to Initial
[1980] 04-11 16:13:42:858: EapTlsBegin: Detected PEAP authentication
[1980] 04-11 16:13:42:858: MaxTLSMessageLength is now 16384
[1980] 04-11 16:13:42:858: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
[1980] 04-11 16:13:42:858: CRYPT_E_REVOCATION_OFFLINE will not be ignored
[1980] 04-11 16:13:42:858: The root cert will not be checked for revocation
[1980] 04-11 16:13:42:858: The cert will be checked for revocation
[1980] 04-11 16:13:42:858: EapPeapBegin done
[1980] 04-11 16:13:42:858: EapPeapMakeMessage
[1980] 04-11 16:13:42:858: EapPeapSMakeMessage, flags(0x405)
[1980] 04-11 16:13:42:858: EapPeapSMakeMessage, user prop flags(0x1)
[1980] 04-11 16:13:42:858: PEAP:PEAP_STATE_INITIAL
[1980] 04-11 16:13:42:858: EapTlsSMakeMessage, state(0)
[1980] 04-11 16:13:42:858: EapTlsReset
[1980] 04-11 16:13:42:858: State change to Initial
[1980] 04-11 16:13:42:858: EapGetCredentials
[1980] 04-11 16:13:42:858: Flag is Server and Store is local Machine
[1980] 04-11 16:13:42:858: GetCachedCredentials Flags = 0x40e1
[1980] 04-11 16:13:42:858: FindNodeInCachedCredList, flags(0x40e1), default cached creds(0), check thread token(1)
[1980] 04-11 16:13:42:858: pNode->dwCredFlags = 0x12
[1980] 04-11 16:13:42:858: GetCachedCredentials: Using Cached Credentials
[1980] 04-11 16:13:42:858: GetCachedCredentials: Hash of the cert in the cache is
2B 3C 4B FD E9 11 18 49 74 60 4F 97 1E 1C A1 2A |+,K....ItpO....*|
6D BE 13 B6 00 00 00 00 00 00 00 00 00 00 00 00 |m...............|
[1980] 04-11 16:13:42:858: BuildPacket
[1980] 04-11 16:13:42:858: << Sending Request (Code: 1) packet: Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags: S
[1980] 04-11 16:13:42:858: State change to SentStart
[1980] 04-11 16:13:42:858: EapPeapSMakeMessage done
[1980] 04-11 16:13:42:858: EapPeapMakeMessage done
[2340] 04-11 16:13:42:858: EapPeapMakeMessage
[2340] 04-11 16:13:42:858: EapPeapSMakeMessage, flags(0x405)
[2340] 04-11 16:13:42:858: EapPeapSMakeMessage, user prop flags(0x1)
[2340] 04-11 16:13:42:858: Cloned PPP_EAP_PACKET packet
[2340] 04-11 16:13:42:858: PEAP:PEAP_STATE_TLS_INPROGRESS
[2340] 04-11 16:13:42:858: EapTlsSMakeMessage, state(1)
[2340] 04-11 16:13:42:858: MakeReplyMessage
[2340] 04-11 16:13:42:858: Reallocating input TLS blob buffer
[2340] 04-11 16:13:42:858: SecurityContextFunction
[2340] 04-11 16:13:42:858: AcceptSecurityContext returned 0x90312
[2340] 04-11 16:13:42:858: State change to SentHello
[2340] 04-11 16:13:42:858: BuildPacket
[2340] 04-11 16:13:42:858: << Sending Request (Code: 1) packet: Id: 3, Length: 1096, Type: 13, TLS blob length: 1463. Flags: LM
[2340] 04-11 16:13:42:858: EapPeapSMakeMessage done
[2340] 04-11 16:13:42:858: EapPeapMakeMessage done
[1980] 04-11 16:13:42:890: EapPeapMakeMessage
[1980] 04-11 16:13:42:890: EapPeapSMakeMessage, flags(0x605)
[1980] 04-11 16:13:42:890: EapPeapSMakeMessage, user prop flags(0x1)
[1980] 04-11 16:13:42:890: Cloned PPP_EAP_PACKET packet
[1980] 04-11 16:13:42:890: PEAP:PEAP_STATE_TLS_INPROGRESS
[1980] 04-11 16:13:42:890: EapTlsSMakeMessage, state(2)
[1980] 04-11 16:13:42:890: BuildPacket
[1980] 04-11 16:13:42:890: << Sending Request (Code: 1) packet: Id: 4, Length: 383, Type: 13, TLS blob length: 0. Flags:
[1980] 04-11 16:13:42:890: EapPeapSMakeMessage done
[1980] 04-11 16:13:42:890: EapPeapMakeMessage done
[2340] 04-11 16:13:42:905: EapPeapMakeMessage
[2340] 04-11 16:13:42:905: EapPeapSMakeMessage, flags(0x605)
[2340] 04-11 16:13:42:905: EapPeapSMakeMessage, user prop flags(0x1)
[2340] 04-11 16:13:42:905: Cloned PPP_EAP_PACKET packet
[2340] 04-11 16:13:42:905: PEAP:PEAP_STATE_TLS_INPROGRESS
[2340] 04-11 16:13:42:905: EapTlsSMakeMessage, state(2)
[2340] 04-11 16:13:42:905: MakeReplyMessage
[2340] 04-11 16:13:42:905: Reallocating input TLS blob buffer
[2340] 04-11 16:13:42:905: SecurityContextFunction
[2340] 04-11 16:13:42:905: AcceptSecurityContext returned 0x80090330
[2340] 04-11 16:13:42:905: State change to SentFinished. Error: 0x80090330
[2340] 04-11 16:13:42:905: Negotiation unsuccessful
[2340] 04-11 16:13:42:905: BuildPacket
[2340] 04-11 16:13:42:905: << Sending Failure (Code: 4) packet: Id: 5, Length: 4, Type: 0, TLS blob length: 0. Flags:
[2340] 04-11 16:13:42:905: AuthResultCode = (-2146893008), bCode = (4)
[2340] 04-11 16:13:42:905: EapPeapSMakeMessage done
[2340] 04-11 16:13:42:905: EapPeapMakeMessage done
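
Added example, not part of the original post: a short Python triage script for traces in this format, which pulls out the failing status codes, normalises the signed AuthResultCode to its 32-bit hex form, and records the TLS state the server was in when the failure occurred. The function and variable names are this example's own, the status table is a small subset of the SSPI codes defined in the Windows SDK, and the sample input is an excerpt copied from the trace above.

```python
import re

# Subset of SSPI/Schannel status codes from the Windows SDK (winerror.h).
SSPI_STATUS = {
    0x00090312: "SEC_I_CONTINUE_NEEDED",  # handshake continues, not an error
    0x80090325: "SEC_E_UNTRUSTED_ROOT",
    0x80090326: "SEC_E_ILLEGAL_MESSAGE",
    0x80090328: "SEC_E_CERT_EXPIRED",
    0x80090330: "SEC_E_DECRYPT_FAILURE",
}

LINE = re.compile(r"^\[(\d+)\] (\d\d-\d\d \d\d:\d\d:\d\d:\d+): (.*)$")
STATE = re.compile(r"EapTlsSMakeMessage, state\((\d+)\)")
STATUS = re.compile(r"AcceptSecurityContext returned (0x[0-9A-Fa-f]+)"
                    r"|AuthResultCode = \((-?\d+)\)")

# Excerpt copied from the trace in the post above.
TRACE = """\
------------ IASSAM ------------
[2340] 04-11 16:13:42:858: EapTlsSMakeMessage, state(1)
[2340] 04-11 16:13:42:858: AcceptSecurityContext returned 0x90312
[2340] 04-11 16:13:42:905: EapTlsSMakeMessage, state(2)
[2340] 04-11 16:13:42:905: AcceptSecurityContext returned 0x80090330
[2340] 04-11 16:13:42:905: Negotiation unsuccessful
[2340] 04-11 16:13:42:905: AuthResultCode = (-2146893008), bCode = (4)
"""

def tls_failures(trace):
    """Return one record per line carrying a failing 32-bit status code."""
    state, failures = {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banners and hex-dump continuation lines
        tid, stamp, msg = m.groups()
        if s := STATE.search(msg):
            state[tid] = int(s.group(1))  # last TLS state seen on this thread
        hit = STATUS.search(msg)
        if not hit:
            continue
        # Hex from AcceptSecurityContext, signed decimal from AuthResultCode.
        value = int(hit.group(1), 16) if hit.group(1) else int(hit.group(2))
        code = value & 0xFFFFFFFF
        if code & 0x80000000:  # severity bit set means failure
            failures.append({"thread": tid, "time": stamp,
                             "tls_state": state.get(tid),
                             "code": f"0x{code:08X}",
                             "name": SSPI_STATUS.get(code, "unknown")})
    return failures
```

On this excerpt both the AcceptSecurityContext return value and the AuthResultCode resolve to the same status, 0x80090330 (SEC_E_DECRYPT_FAILURE, "the specified data could not be decrypted"), raised in TLS state 2 while the server was processing the client's reply.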