M and MSM Series
1748275 Members
3616 Online
108761 Solutions
New Discussion

Re: MSM760 Controller - Active Directory authentication

 
Moop
Occasional Contributor

MSM760 Controller - Active Directory authentication

Hello!

 

I need help configuring my MSM760 for Active Directory authentication, I've succesfully joined a domain and activated the default Active directory groups on my controller. 

 

I configured the VSC to use 802.1X authentication and checked in the box for Active Directory authentication.

 

When I try to connect to the network I get the error message "Network authentication failed because of a problem with the user account".

 

This is my first time working with this type of solution, any kind of tip that would point my in the right direction would be highly appreciated!

 


3 REPLIES 3
ISoliman
Super Advisor

Re: MSM760 Controller - Active Directory authentication

Moop
Occasional Contributor

Re: MSM760 Controller - Active Directory authentication

Hi, thanks for the answer!

 

However I'm still having problems, maybe I should have mentioned in the OP that I'm running against a Samba 4 Domain aswell.

 

On the supplicant I ran: netsh ras set tracing * enabled. Everything seems to be fine until the end of the log when I recieve the following error:

 

[13660] 07-09 12:25:38:425: Success received...
[13660] 07-09 12:25:38:426: Done :)
[13660] 07-09 12:25:38:426: GetClientMPPEKeys
[7996] 07-09 12:25:38:506: EapMSChapv2MakeMessage
[7996] 07-09 12:25:38:506: EapMSChapv2CMakeMessage (\administrator)
[7996] 07-09 12:25:38:506: EMV2_CHAPAuthSuccess
[7996] 07-09 12:25:38:506: EapMSChapv2CMakeMessage: rcvd invalid pk, code: 4, expecting 3
[7996] 07-09 12:25:38:542: EapMSChapv2End
[7996] 07-09 12:25:38:542: ChapEnd

 

I've googled my heart out on this problem but have yet to find anything usefull, maybe Samba is just not supported by the controller?

 

Thanks again for the help!

 

 

 

Manfri
Frequent Advisor

Re: MSM760 Controller - Active Directory authentication

Samba... it's a good guess.

 

the controller do ldap query to specific attribute (MsNPAllowDialin) in ad, that i don't think are implemented by samba.

 

i wolu try to find a you can che have a radius implementation that interface with the samba AD, like IAS do with Microsoft AD.