cancel
Showing results for 
Search instead for 
Did you mean: 

Rejected NTLM authentication

Rejected NTLM authentication

Sacha_Brys
Contributor

Client Certificate Error(s): 1) Unknown Certificate Authority: A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn`t be matched with a known, trusted CA

 

So,

When I do a ‘Configuration evaluation Tool’, then the user would hit the right rule.
What is going wrong here?

 

16196f0d3ab24a0282d1d7dfba025078_f1a054d1-a472-49d7-b46d-f9b064fbdbf7.png

 

 

5 REPLIES 5

Ryan_Yacobucci
Extreme Employee

I see the authentication type of "802.1x (PEAP)". In the context of 802.1x PEAP/MsChapv2 authentication the only certificate transaction that occurs is the RADIUS server will send it's certificate to the client to establish a TLS session.

This is an indication that the client cannot validate the RADIUS server certificate.

Extreme Control is shipped with a self signed certificated that will always fail validation. You must either de-select "validate server certificate" in the Windows supplicant configuration, or install a RADIUS server certificate signed by a well known commercial authority who's root certificate is already installed on the client.

Check out this article:

https://extremeportal.force.com/ExtrArticleDetail?an=000063172

Thanks
-Ryan

James_A
Valued Contributor

What device is it? Also make sure it has the correct time, since if it’s wrong it’s likely the client won’t trust the certificate.

Sacha_Brys
Contributor

@James A : how can I check this trust between the client and the RADIUS server’s certificate?
thanks in advance
greetz

James_A
Valued Contributor

And does the client trust the RADIUS server’s certificate CA?

GTM-P2G8KFN