Anton -

This sounds a bit like a problem with the OIDs that are in the
certificate.  Microsoft expects the certificate to have an authentication
server attribute.

If you go to http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm#6 and
look for "xpextensions" you can get the OID numbers that are needed.

I suspect that the Verisign cert is meant to be a Web server cert.  You
should be able to fire up MMC on your server, and examine the certificate
to see if the needed OIDs are included.

You might also want to check out
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_vpn_und15.asp
and look under "Certificate requirements for EAP".

Hope this helps a little... ;)

----------
Chris "Spanky" Hessing                 Networking
                                       University of Utah
[EMAIL PROTECTED]                 Marriott Library

Friends are people that know everything about you, but love you anyway.





On Tue, 23 Mar 2004, Anton Royce wrote:

> Hi,
>
> We use 802.11b as our wireless network standard at the University of
> Auckland. We use 802.1x with PEAP to authenticate users to connect to the
> wireless network.
> In order to use that we have
> RADIUS server (Windows 2003 IAS)
> Active Directory mixture of Windows .
>
> I have bought a VERISIGN certificate and installed it in the IAS server. Since
> then, I have installed the certificate and
> Client site, I have ticked the validate server certificate and selected the
> trusted certificate authority root as verisign, but
> clients are unable to connect to the network. I will be getting the following
> error in the event log. Please help
>
> Could not retrieve the Remote Access Server's certificate due to the
> following error: The credentials supplied to the package were not recognized
>
> Access request for user EC\kant004 was discarded.
>  Fully-Qualified-User-Name = <undetermined>
>  NAS-IP-Address = 130.216.93.238
>  NAS-Identifier = wap-409-g09
>  Called-Station-Identifier = 000e.8331.0750
>  Calling-Station-Identifier = 0004.2385.1226
>  Client-Friendly-Name = City Access Points
>  Client-IP-Address = 130.216.93.238
>  NAS-Port-Type = Wireless - IEEE 802.11
>  NAS-Port = 465
>  Proxy-Policy-Name = <none>
>  Authentication-Provider = <undetermined>
>  Authentication-Server = <undetermined>
>  Reason-Code = 1
>  Reason = An internal error occurred. Check the system event log for
> additional information.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Anton K. Royce
> Senior Network Analyst  Research & Development
> ITSS
> The University of Auckland
> Ph:    (09) 373 7599 Ext: 82953
> Mob: 021  533 418
> Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent Group 
> discussion list can be found at http://www.educause.edu/cg/.
>
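
The certificate check suggested in the reply above, scripted instead of done by hand in MMC. This is an added example, not part of the original thread: it assumes PowerShell is available on the RADIUS server and that the certificate sits in the Local Computer Personal store (`Cert:\LocalMachine\My`); the function name is made up for illustration. It reports whether each certificate carries the Server Authentication enhanced key usage (OID 1.3.6.1.5.5.7.3.1).

```powershell
# Added example: flag certificates in the computer store that lack the
# Server Authentication EKU (id-kp-serverAuth).
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'

# Hypothetical helper: classify one certificate by its EKU extension.
function Get-ServerAuthStatus {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Find the Enhanced Key Usage extension, if the certificate has one.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    } | Select-Object -First 1

    if ($null -eq $eku) { return 'NoEkuExtension' }

    # Collect the dotted OID strings listed in the extension.
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -contains $ServerAuthOid) { return 'ServerAuthPresent' }
    return 'ServerAuthMissing'
}

# Assumption: the server certificate is in the Local Computer Personal store.
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        # A TLS server certificate is unusable without its private key.
        HasPrivateKey = $_.HasPrivateKey
        ServerAuth    = Get-ServerAuthStatus -Certificate $_
    }
} | Format-Table -AutoSize
```

A row showing `ServerAuthMissing` is a certificate whose EKU list names other purposes only, which is the condition the reply suspects.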
