[j-nsp] Radius authentication
lordsith49 at hotmail.com
Wed Oct 29 18:06:50 EDT 2014
After spending a while picking at this: there was a group attribute called "Service-Type" applied to a group that everyone belonged to. After I removed it, everyone was able to connect successfully.
> From: lordsith49 at hotmail.com
> To: juniper-nsp at puck.nether.net
> Date: Wed, 29 Oct 2014 13:59:16 -0600
> Subject: [j-nsp] Radius authentication
> I recently set up a very basic WLC and a few APs using the web interfaces. For my first SSID I enabled 802.1x PEAP/MSCHAPv2 authentication and pointed it to an existing RADIUS server but users cannot connect to the SSID. The RADIUS server says authentication is succeeding but the WLC gives the following errors:
> AAA Oct 29 12:40:53.873114 WARNING AUTHORIZATION-FAILURE: user: joe.smith; mac: 40:0e:85:1b:da:ac; ssid: net-test; AP 1/1AAA Oct 29 12:40:53.873025 WARNING AAA_NOTIFY_ERR: (1308) AUTHENTICATION PASSED BUT AUTHORIZATION FAILEDAAA Oct 29 12:40:53.872931 WARNING AAA_NOTIFY_ERR: (1308) 40:0e:85:1b:da:ac: CLIENT AUTHORIZATION FAILED: Invalid service type
> I've been unsuccessful trying to figure out what the service type is. Is this defined on the RADIUS server or the WLC?
> juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp