• October 15, 2024, 04:07:06 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: SSID using internal Radius will not connect to Windows 7 x64  (Read 12607 times)

lndshrk

  • Level 1 Member
  • *
  • Posts: 4
SSID using internal Radius will not connect to Windows 7 x64
« on: October 08, 2015, 10:29:00 PM »

First, I'll answer the question I'll be asked - yes, contacted USA support and they can't answer - ticket is C6750524 - A1 and 1.1

Now, that out of the way...

I have setup the primary SSID to use the internal radius server in 802.1x PEAP mode.  Added users, etc.

I can connect easily to iOS and Android devices - so I know it's working

I cannot connect to Windows 7 x64 using the radius-enabled SSID

It connects fine using a seconday WPA2 SSID

In discussion with Business-class support (nice guy - this is just a weird problem they haven't seen before) it seems like it might be a certificate issue.

We tried a number of things, with no joy.

I decided to "try something" and created certificates using OpenSSL.

Successfully created a Root Certificate Authority, an Intermediate Certificate Authority, and a device key.

No matter WHAT format I convert the device cert into - the DAP-2695 says it's the wrong format.

Ideas?

Jim
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #1 on: October 09, 2015, 07:24:07 AM »

Welcome!

I'll see if I can get some additional review on this. Please be patient.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

lndshrk

  • Level 1 Member
  • *
  • Posts: 4
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #2 on: October 16, 2015, 11:47:36 PM »

Some updates...

I have found how to get this AP to connect to W7 **WITHOUT** using a certificate.  (I have a procedure - if anyone needs it, ask!)

You CANNOT make it connect USING a certificate because the certificate it tries to use is:

1) Invalid (and)

2) NOT REPLACEABLE.

Replacing the "SSL Certificate" on the AP only allows you to have proper HTTPS:// connection to the AP

The RADIUS server continues to use an INVALID certificate that seems to be "ww@alphanetworks" which uses an untrusted cert authority.

If you understand 802.1x you can see why this is a problem because it peels back one layer of security from PEAP.

Who "engineers" a system with an INVALID and IRREPLACEABLE certificate.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #3 on: October 17, 2015, 10:22:29 AM »

Please post this information on how to correct this issue on this model DAP.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

lndshrk

  • Level 1 Member
  • *
  • Posts: 4
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #4 on: October 29, 2015, 03:19:47 PM »

I cannot "correct the issue".

I can WORK AROUND THE ISSUE by ignoring certificate verification on WPA-Enterprise.

This is a "work around" at best.

D-Link Engineering really do need to get their act in gear and fix this with a firmware update
or at least give ME the opportunity to change the certificate for the Radius server.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #5 on: October 30, 2015, 12:41:33 PM »

I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

lndshrk

  • Level 1 Member
  • *
  • Posts: 4
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #6 on: December 05, 2015, 08:25:20 PM »

If you actually READ my first post you'd see that that was the FIRST thing I did.

I even listed the TICKET number.

You seem to have a wrote answer for almost everything.  "I recommend that you phone contact your regional D-Link support office and ask for help"

Did that before I posted here to AVOID the canned answer.

How about trying to get D-Link engineers to actually look at it and fix it.

They really have TWO choices:

1) Release new firmware with a VALID certificate and give us the public for same

2) Release new firmware that allows the certificate to be replaced by the end user.

It's kind of an either/or proposition
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: SSID using internal Radius will not connect to Windows 7 x64
« Reply #7 on: December 05, 2015, 09:38:33 PM »

This is beyond forum help and needs to be addressed and reviewd by phone support. Please contact then about this. You can reference this thread for there review as well. Good Luck.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.