iT邦幫忙

0

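RADIUS Server denies access

The AP uses a RADIUS server for authentication, but authentication with a domain username and password fails.
I cannot connect to the network.
This is my AP configuration:
It is the same when using WPA2-Enterprise mode.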
https://ithelp.ithome.com.tw/upload/images/20190116/20099494uaZkfXE4gu.png

Log information:

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.

User:
Security ID: SH\testuser
Account Name: testuser
Account Domain: SH
Fully Qualified Account Name: SH\testuser

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00-1A-70-A8-FA-30
Calling Station Identifier: 00-28-F8-73-53-11

NAS:
NAS IPv4 Address: ...
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0

RADIUS Client:
Client Friendly Name: Test
Client IP Address: ...

Authentication Details:
Connection Request Policy Name: WIFI
Network Policy Name: WIFI
Authentication Provider: Windows
Authentication Server: NPSSVR04.test.com
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 22
Reason: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

This is the NPS configuration:
https://ithelp.ithome.com.tw/upload/images/20190116/20099494Z0C5YGWKvj.png

https://ithelp.ithome.com.tw/upload/images/20190116/20099494nhln8suAjV.png

https://ithelp.ithome.com.tw/upload/images/20190116/20099494CtjdePyJXY.png

1 answer

0
raytracy
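iT邦 Master, Level 1 ‧ 2019-01-16 15:33:48

EAP errors are usually caused by a certificate problem. First check: has your server certificate expired? Or is the certificate's private key wrong? Or has the Root CA expired and become invalid?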

The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

as900 iT邦 Novice, Level 2 ‧ 2019-01-17 08:25:54

The NPS server is a newly built server, and the certificate was newly requested.
May I ask, where can I check the private key?
The Root CA has not expired either.
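
The checks named in the answer above (server certificate validity, private key, Root CA) can be run from an elevated PowerShell session on the NPS server. This is an added example, not part of the original thread; it assumes the NPS certificate is in the local machine's Personal store, and the Server Authentication EKU check is an extra check beyond the three the answer lists.

```powershell
# Added example: audit candidate NPS server certificates in LocalMachine\My.
# Assumption: the certificate NPS uses for EAP is installed in this store.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs on the certificate (empty if there is no EKU extension).
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }

    # Build the chain up to the root using the machine's trust stores.
    # Revocation checking is disabled here so the check also runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        InValidityPeriod = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        HasPrivateKey    = $cert.HasPrivateKey      # False: the key was not installed with the cert
        ServerAuthEku    = $ekuOids -contains $serverAuthOid
        ChainBuilds      = $chainOk                 # False: see ChainErrors (e.g. UntrustedRoot, NotTimeValid)
        ChainErrors      = $chainErrors
        TopOfChain       = $top.Subject
        TopOfChainExpiry = $top.NotAfter
    }
} | Format-List
```

`HasPrivateKey` only reports that a private key is associated with the certificate in the store; it does not confirm that the key is readable by the service that uses it.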
