UAC with AD integration, only EAP-JUAC works as inner protocol

Wrathchild_
New Contributor

UAC with AD integration, only EAP-JUAC works as inner protocol

I have a case open on this but I thought I'd throw it out to the community to see if anyone has run across this.

I'm running UAC 3.1R4 (just upgraded from 3.0R1 last weekend and saw this same issue on that code revision). I'm using EAP-TTLS with EAP-JUAC as the inner protocol. UAC is using native AD as the backend auth server and everything works just fine with that configuration. I use OAC 4.72 and 5.10 as the client in this configuration.

However, when I try to add any other inner protocol to the .1x authentication set, I cannot authenticate with AD creds. In fact, even if I add another outer protocol, such as EAP-PEAP, the only inner protocol that will work with it is EAP-JUAC. I've tried multiple clients (Windows and Windows CE) with this and none work (not using JUAC as the inner protocol in those tests, obviously).

A twist is that if I switch the auth server for the realm to native admin creds, any combination of outer and inner EAP protocols works just fine.

Looks like a bug to me and JTAC is having me redo the AD setup, but I'm not confident this is going to help the situation at all. Thanks in advance...

jp01_
Occasional Contributor

Re: UAC with AD integration, only EAP-JUAC works as inner protocol

We use EAP-TTLS with EAP-JUAC and EAP-MSCHAPv2 with 3.1R4 and AD LDAP. We have used both 2003 and 2008 successfully. Are you using LDAP or the Native AD connections?

Rabbit_
Contributor

Re: UAC with AD integration, only EAP-JUAC works as inner protocol

Hi JP,

I am the engineer that was working on the issue that this thread pertains to. The issue was found to be related to our documentation and the fact that UAC requires the NetBIOS domain name to be configured in the domain name section of the Auth Server.

Although this implementation will generate an error when the test button is pressed (a bug), this configuration will allow all authentication protocols to be used successfully.

Regards,

Rich

Raveen_
Regular Contributor

Re: UAC with AD integration, only EAP-JUAC works as inner protocol

Authentication with EAP-TTLS/PEAP with inner method EAP-MSCHAPv2 against Windows 2008 AD will *not* work by default. I have tested this; a KB for this is on the way. Please try using older cryptographic algorithms that are compatible with Windows NT.

How to use older cryptographic algorithms?

Refer: http://support.microsoft.com/kb/942564

Authentication should work well for all protocols against Windows 2003 AD. If you see the problem with Windows 2003 AD as well, please open a case with JTAC.

Thank you.

Regards,

Raveen