RADIUS EAP/PEAP authentication problem after no issues for over a year +

  • 1
  • Question
  • Updated 10 months ago

We have been running the SZ100 RADIUS option to authenticate users to our AD using a NPS. 

Yesterday users were no longer able to connect.  Log files on the SmartZone 100 show codes of 203 - Client failed to join.  On the RADIUS server the error show wrong authentication protocol (EAP)is being used.  Should be using PEAP. 

Why would the SZ100 configuration change the authentication protocol?

Anybody else have this happen to them?

Photo of brian koomen

brian koomen

  • 11 Posts
  • 0 Reply Likes

Posted 10 months ago

  • 1
Photo of Jeronimo

Jeronimo

  • 243 Posts
  • 26 Reply Likes
The eap packet is negotiated between client device and the authentication server.

SZ does not control eap.

Could you show me log which you found?
Photo of Jakob Peterhänsel

Jakob Peterhänsel

  • 90 Posts
  • 29 Reply Likes
Test directly from the SZ with a known, working, user/pass.If that works, the Radius connection works, and it's between the client and AP and/or auth server, as Jeronimo writes above.
Photo of brian koomen

brian koomen

  • 11 Posts
  • 0 Reply Likes

Thanks for the replies.

I ended up rebooting the NPS server first (since updates were pending) but this did not correct the problem.  However, I did see in the NPS log files that PEAP protocol was now being used by the clients.  I found this to be very strange.

At that point I decided to rebooted the SZ.  On reboot the SZ went into a perpetual reboot status screen (counter would count down to 0 and then start counting down again).  SZ never came out of this screen.  Could not reach the SZ using CLI.  I had power cycle the SZ to boot up properly.  After checking some logs files and NOT making any config changes, the client started to authenticate successfully.

:P