I have a case open on this but I thought I'd throw it out to the community to see if anyone has run across this.
I'm running UAC 3.1R4 (just upgraded from 3.0R1 last weekend and saw this same issue on that code revision). I'm using EAP-TTLS with EAP-JUAC as the inner protocol. UAC is using native AD as the backend auth server and everything works just fine with that configuration. I use OAC 4.72 and 5.10 as the client in this configuration.
However, when I try to add any other inner protocol to the .1x authentication set, I cannot authenticate with AD creds. In fact, even if I add other outer protocol, such as EAP-PEAP, the only inner protocol that will work with it is EAP-JUAC. I've tried multiple clients (Windows and WIndows CE) with this and none work (not using JUAC as the inner protocol in those tests, obviously).
A twist is that if I switch the auth server for the realm to native admin creds, any combination of outer and inner EAP protocols works just fine.
Looks like a bug to me and JTAC is having me redo the AD setup, but I'm not confident this is going to help the situation at all. Thanks in advance...
we use EAP-TTLS with EAP-JUAC and EAP-MSCHAPv2 with 3.1R4 and AD LDAP. We have used both 2003 and 2008 successfully. Are you using LDAP or the Native AD connections?
I am the engineer that was working on the issue that this thread pertains to. The issue was found to be related to our documentation and the fact that UAC requires the NETbios domain name to be configured in the domain name section of the Auth Server.
Although this implementation will generate an error when the test button is pressed(a bug), this configuration will allow all authentication protocols to be used successfully.
Authentication with EAP-TTLS/PEAP with inner method EAP-MSCHAPv2 against windows 2008 AD, will *not* work bydefault.. I have tested this, a KB for this is on the way. Please try using older cryptographic algorithms that are compatible with windods NT.
How to use older cruptographic algorithm?
Authentication should work well for all protocols against windows 2003 AD. If you see the problem with win 2003 AD as well, please open a case with JTAC.