Solved

Extreme Wireless C35 and MAC Authentication using Server 2016 Network Policy Server

  • 24 January 2020
  • 8 replies
  • 1159 views

I have exhausted all documentation and suggestions for configuring Microsoft RADIUS to MAC Authenticate to our Private SSID. We are using C35 controllers and Server 2016. Has anyone been able to get this to work? If so, what instructions/guides were followed?

I appreciate any suggestions or recommendations!

Thank you.


Best answer by Brian Anderson 27 January 2020, 17:50



Hello robertmare,

did you read this article?

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-mac-authentication-on-Extreme-Wireless-and-Windows-Server-2008-2012-2016-NPS-Server

Best regards

Stephan

Thank you for the reply Stephan.  Yes, that is the first article I used for configuration.


What error messages do you see in your NPS or AD server?

Hi Brian,

The error I am currently receiving is:

On the Server

Event ID: 6273 Reason Code 16, Authentication failed due to a user credentials mismatch.  Either the user name provided does not map to an existing account or the password was incorrect.

On the client:

Event ID: 5632 Network Authentication failed
The user certificate required for the network can’t be found on this computer.

Please note I believe that I have successfully created and distributed the certificate required, however not so sure?

My last configuration attempt followed this document:

https://community.extremenetworks.com/extremewireless-identifi-230294/how-to-guide-extreme-wireless-authenticates-domain-computers-using-certificates-nps-eap-tls-7563337

Thank you in advance for your time!


What kind of device are you trying to authenticate? If a domain computer, why not use .1x?

It is in fact a domain computer.  I apologize, however I haven’t used NPS/RADIUS in quite some time so I'm unsure as to what you mean by using .1x?  The port for the connection policy is Wireless 802.11x….but doubt that's what is meant here?


If your SSID is set to bridge at AP and you aren’t using AP-Aware, then the port being set to .1x may affect your authentication.

However, if your SSID is set to 802.1x and your domain computer has 802.1x turned on, then this protocol will take precedence and will try to authenticate with the username and password of either the computer or user, depending on how the computer is configured and where in the login process the computer is.

I’d start with unchecking the requirement on the client to check for certificate and go on troubleshooting from there.
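As an added illustration of the distinction drawn in the answer above (not code from any poster or from Extreme/Microsoft), this Python sketch reads the text of an NPS event 6273 and reports whether the rejected request was an 802.1X attempt or a MAC-authentication attempt. The sample event is constructed, and the rule that MAC authentication arrives as a non-EAP request whose user name is the client MAC is an assumption about how the controller is configured.

```python
import re

# Constructed excerpt of an NPS event 6273 message (not taken from the thread).
SAMPLE_EVENT = """\
Network Policy Server denied access to a user.
User:
    Account Name:                   host/LAPTOP01.example.local
Client Machine:
    Calling Station Identifier:     00-11-22-33-44-55
Authentication Details:
    Authentication Type:            PEAP
    EAP Type:                       -
    Reason Code:                    16
"""

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[-:]?){5}[0-9A-Fa-f]{2}$")

def field(text, label):
    """Return the value following 'label:' on its own line, or '' if absent."""
    m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.*?)[ \t]*$", text, re.MULTILINE)
    return m.group(1) if m else ""

def normalize_mac(value):
    """Lower-case hex digits only, so 00-11-.. and 0011.. compare equal."""
    return re.sub(r"[^0-9a-f]", "", value.lower())

def triage(text):
    """Classify a rejected request and explain what reason code 16 implies for it."""
    user = field(text, "Account Name")
    auth = field(text, "Authentication Type").upper()
    station = field(text, "Calling Station Identifier")
    reason = int(field(text, "Reason Code") or 0)
    if auth in ("EAP", "PEAP") or user.lower().startswith("host/"):
        kind = "802.1X"   # supplicant is sending user/computer credentials
    elif MAC_RE.match(user):
        kind = "MAC"      # assumption: controller sends the MAC as User-Name
    else:
        kind = "other"
    hint = ""
    if reason == 16 and kind == "802.1X":
        hint = "client is doing 802.1X; a MAC-authentication policy is not what rejected it"
    elif reason == 16 and kind == "MAC":
        hint = "no account matches the MAC, or its password differs from what the controller sends"
    return {"kind": kind, "reason_code": reason, "hint": hint,
            "user_matches_station": normalize_mac(user) == normalize_mac(station)}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```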

I will try.  Thank you for the reply!
