Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » RADIUS/DC/DHCP - Not giving out IPs - [WP]
RADIUS/DC/DHCP - Not giving out IPs - [WP] [message #157644] Fri, 10 July 2009 10:21 Go to next message
WildPacket  is currently offline WildPacket
Messages: 130
Registered: July 2009
Senior Member
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 7/10/2009
Time: 4:17:42 AM
User: N/A
Computer: DC004

Description:

User wifi@domain.com was granted access.

Fully-Qualified-User-Name = domain.com/RANDD GPO/Users/wifi
NAS-IP-Address = 10.1.7.251
NAS-Identifier = CA1AP
Client-Friendly-Name = Access Point
Client-IP-Address = 10.1.7.251
Calling-Station-Identifier = 0013.0245.4e04
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 315
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Test Wireless Access
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate




You can see from the above system log on my RADIUS Domain Controller. It
also runs the DHCP server. The above indicates that all is good ....but the
test users notebook in this scenario does not get any IP address from this
DHCP server. It says no connectivity or limited connectivity.

Is there any setting in RADIUS/IAS I have to do to fix this???? I tested
this DHCP server is working fine by hooking a client with wire.

Advise Please.

Thanks,
RE: RADIUS/DC/DHCP - Not giving out IPs - [WP] [message #157662 is a reply to message #157644] Fri, 10 July 2009 18:34 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Hi WildPacket

I assume this is normal Local wireless Access Points (AP's) that
authenticate users via RADIUS, the AP's - have they all been configured to
forward DHCP/BOOTP requests to the DC's primary IP address, incase the DC has
2 NIC's (Should not have more than 1 netcard on a DC) - DHCP only answers on
the primary IP. Assuming this is not the case, have you checked the the
laptop to see if you can get access/connectivity via use of a static IP., Can
you ping the DC during this test.

Can you supply subnets involved, is you DC performing routing, what routes
are in place?, am I correct in my assumption about WiFI clients
authenticating via RADIUS. If not, what is the current implementation. Are
the AP's configured with the correct VLAN's (The AP's may have them in a
wrong vlan and therefore DHCP scope does not match that of the IP Request),
or if they come through a router other than the DC, EG CISCO, the router's IP
Helpers must be configured to usher dhcp requests to the DC, the AP's are
also in effect routers and must either assign a static ip pool, or relay to
MS DHCP (My Preferref method).

Would I be asking to much for you to elaborate on your config/implementation?

So please supply above requirements, also, DC IpConfig, and a Route PRINT on
the DC since Routing and remote access is on. The AP's subnet and IP, and
make and model. Are you implementing a cretificate infrastructure since
implementing wireless?

Sorry I can't help other than harass you with questions.



--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"WildPacket" wrote:

> Event Type: Information
> Event Source: IAS
> Event Category: None
> Event ID: 1
> Date: 7/10/2009
> Time: 4:17:42 AM
> User: N/A
> Computer: DC004
>
> Description:
>
> User wifi@domain.com was granted access.
>
> Fully-Qualified-User-Name = domain.com/RANDD GPO/Users/wifi
> NAS-IP-Address = 10.1.7.251
> NAS-Identifier = CA1AP
> Client-Friendly-Name = Access Point
> Client-IP-Address = 10.1.7.251
> Calling-Station-Identifier = 0013.0245.4e04
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 315
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = Test Wireless Access
> Authentication-Type = EAP
> EAP-Type = Smart Card or other certificate
>
>
>
>
> You can see from the above system log on my RADIUS Domain Controller. It
> also runs the DHCP server. The above indicates that all is good ....but the
> test users notebook in this scenario does not get any IP address from this
> DHCP server. It says no connectivity or limited connectivity.
>
> Is there any setting in RADIUS/IAS I have to do to fix this???? I tested
> this DHCP server is working fine by hooking a client with wire.
>
> Advise Please.
>
> Thanks,
>
RE: RADIUS/DC/DHCP - Not giving out IPs - [WP] [message #157663 is a reply to message #157644] Fri, 10 July 2009 18:38 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Also, did you configure the DC as the radius server directly or did you put
it in a group and not config the authentication policy to look at the group
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"WildPacket" wrote:

> Event Type: Information
> Event Source: IAS
> Event Category: None
> Event ID: 1
> Date: 7/10/2009
> Time: 4:17:42 AM
> User: N/A
> Computer: DC004
>
> Description:
>
> User wifi@domain.com was granted access.
>
> Fully-Qualified-User-Name = domain.com/RANDD GPO/Users/wifi
> NAS-IP-Address = 10.1.7.251
> NAS-Identifier = CA1AP
> Client-Friendly-Name = Access Point
> Client-IP-Address = 10.1.7.251
> Calling-Station-Identifier = 0013.0245.4e04
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 315
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = Test Wireless Access
> Authentication-Type = EAP
> EAP-Type = Smart Card or other certificate
>
>
>
>
> You can see from the above system log on my RADIUS Domain Controller. It
> also runs the DHCP server. The above indicates that all is good ....but the
> test users notebook in this scenario does not get any IP address from this
> DHCP server. It says no connectivity or limited connectivity.
>
> Is there any setting in RADIUS/IAS I have to do to fix this???? I tested
> this DHCP server is working fine by hooking a client with wire.
>
> Advise Please.
>
> Thanks,
>
RE: RADIUS/DC/DHCP - Not giving out IPs - [WP] [message #157664 is a reply to message #157644] Fri, 10 July 2009 18:42 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Sorry, is the implementation just 1 AP, or a domain of them, do they comm
with a controller of any sort?, Have you added any specific vendor-specific
classes

--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"WildPacket" wrote:

> Event Type: Information
> Event Source: IAS
> Event Category: None
> Event ID: 1
> Date: 7/10/2009
> Time: 4:17:42 AM
> User: N/A
> Computer: DC004
>
> Description:
>
> User wifi@domain.com was granted access.
>
> Fully-Qualified-User-Name = domain.com/RANDD GPO/Users/wifi
> NAS-IP-Address = 10.1.7.251
> NAS-Identifier = CA1AP
> Client-Friendly-Name = Access Point
> Client-IP-Address = 10.1.7.251
> Calling-Station-Identifier = 0013.0245.4e04
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 315
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = Test Wireless Access
> Authentication-Type = EAP
> EAP-Type = Smart Card or other certificate
>
>
>
>
> You can see from the above system log on my RADIUS Domain Controller. It
> also runs the DHCP server. The above indicates that all is good ....but the
> test users notebook in this scenario does not get any IP address from this
> DHCP server. It says no connectivity or limited connectivity.
>
> Is there any setting in RADIUS/IAS I have to do to fix this???? I tested
> this DHCP server is working fine by hooking a client with wire.
>
> Advise Please.
>
> Thanks,
>
Re: RADIUS/DC/DHCP - Not giving out IPs - [WP] [message #370534 is a reply to message #157664] Sun, 17 January 2010 19:52 Go to previous message
Lsnick  is currently offline Lsnick  United States
Messages: 1
Registered: January 2010
Junior Member
I have run in to the same issue.

After installing the certificate, the client authenticates fine, but
somewhere along the lines the AP is not giving out a DHCP address. DHCP
& DNS is configured correctly and works with wired connections.

I had the RADIUS working for a whole day on the weekend, though after a
server reboot everything has gone a-miss again. I believe it has
something to do with the Health Policies...

I'll check back when I know more.


--
Lsnick
------------------------------------------------------------ ------------
Lsnick's Profile: http://forums.techarena.in/members/175264.htm
View this thread: http://forums.techarena.in/active-directory/1211464.htm

http://forums.techarena.in
Previous Topic:Domain Trust to 2 domains with the same NetBIOS name
Next Topic:Pushing Hosts file via Group Policy
Goto Forum:
  


Current Time: Sat Oct 21 19:11:59 EDT 2017

Total time taken to generate the page: 0.05950 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software