Reset Search



Why supplicant fails to authenticate using EAP-MSCHAPv2 on WiNG?

« Go Back


TitleWhy supplicant fails to authenticate using EAP-MSCHAPv2 on WiNG?
What are the most probable mistakes resulting into LDAP based authentication not working using WiNG software?
  • All Summit WM3000 Series Controllers
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Acess Points
  • WiNG 5.5+ Software
When configuring Active Directory based authentication on WiNG you may experience issues with (some) clients.

First of all confirm your configuration is compliant with How to set internal RADIUS server on WiNG with LDAP based authentication?

Make sure that BIND DN account is member of Domain Admin

User-added image

Confirm that LDAP agent (BIND DN) is joined with domain controller correctly under Statistics - System - select device acting as RADIUS server - LDAP Agent Status

User-added image

TIP: Make sure the domain name is correct checking 1B parameter on a PC using command below
C:\Users\> nbtstat -a <IP of LDAP server>
Node IpAddress: [w.x.y.z] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    EXTRBRNO       <1B>  UNIQUE      Registered

If LDAP agent is unable to join the domain, make sure it is not affected by this case - Why does Windows server not respond to NBNS to different subnet?

Then make sure you selected Authentication type of PEAP-MS-CHAPv2 under Services - RADIUS - Policy - Server Policy

User-added image

If there is still an issue try to disable LDAP group verification

User-added image

In case when all above fails and supplicant is still unable to authenticate make sure that you use wireless network profile using proper authentication type. For Windows clients you may find some MSDN articles describing how to do this.

Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255