Tag Archives: authentication

IAS, 802.1X and Cisco

This took me hours to fix. I’m so utterly annoyed at myself for not finding the problem out earlier, that I’m going to let you in on what I did.

We have a set up at work of about 100 cisco routers, aironets and other 802.1x devices connecting to a Windows 2008 IAS box for AD RADIUS authentication. Now, this one user was having a problem with them. IAS logs are, as I’m sure you’re aware, impossible to read. I could see something happening in the logs, but the aironet said Station [mac] Authentication failed. Hmm. AD security logs showed he authenticated ok. It took a long time for Windows to give up authenticating, so seemed like a network related issue. This guy was ok at home with his wireless so the laptop was ok. Weird.

Anyway, after a long and hard struggle of no errors being logged, I looked at his “dial-in” tab in AD and lo and behold, it was set to “deny”. Thanks to whomever set his account up, that was a great help. To make it better, that tab doesn’t show in my Win7 RSAT so I had to RDP to a 2k3 box.