topic Re: Rejected NTLM authentication in ExtremeControl

Rejected NTLM authentication

Sacha_Brys — Mon, 27 Sep 2021 19:40:34 GMT

Client Certificate Error(s): 1) Unknown Certificate Authority: A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn`t be matched with a known, trusted CA

So,

When I do a ‘Configuration evaluation Tool’, then the user would hit the right rule.
What is going wrong here?

Re: Rejected NTLM authentication

Stefan_K_ — Mon, 27 Sep 2021 20:13:30 GMT

Did you import the Root-CA Certificate in your AAA-Config?

Control → Access Control → Configuration → AAA → Select your AAA-Config → Update Trusted Authorities

Re: Rejected NTLM authentication

Sacha_Brys — Mon, 27 Sep 2021 20:51:52 GMT

@James A : how can I check this trust between the client and the RADIUS server’s certificate?
thanks in advance
greetz

Re: Rejected NTLM authentication

Ryan_Yacobucci — Mon, 11 Oct 2021 23:22:48 GMT

I see the authentication type of "802.1x (PEAP)". In the context of 802.1x PEAP/MsChapv2 authentication the only certificate transaction that occurs is the RADIUS server will send it's certificate to the client to establish a TLS session.

This is an indication that the client cannot validate the RADIUS server certificate.

Extreme Control is shipped with a self signed certificated that will always fail validation. You must either de-select "validate server certificate" in the Windows supplicant configuration, or install a RADIUS server certificate signed by a well known commercial authority who's root certificate is already installed on the client.

Check out this article:

https://extremeportal.force.com/ExtrArticleDetail?an=000063172

Thanks
-Ryan