[T57W] 802.1X EAP-TLS Authentication problem
HelmiSokrates
Hello,

We are struggling with implementing 802.1X authentication on our T57W phones.
But NPS denies the connection due to different reasons.

I'll try to explain our config as simply as possible:

Active Directory
Created AD user with MAC address as username

Microsoft CA (server role)
General / Publish in AD: yes
Certificate template for Client Authentication
Subject Name / Build from AD information: yes
Subject Name / Build from AD information / settings: Fully dist. name, include UPN
Issuance Requirements / This number of authorized signatures: 1
Request Handling / Purpose: Signature and encryption
Request Handling / Allow private key to be exported: yes
Request Handling / Enroll subject without requiring user input: yes
Cryptography / Provider Category: Key Storage Provider
Cryptography / Algorithm: ECDH_P384
Cryptography / Minimum size: 384
Cryptography / Provider: Microsoft Software Key Storage Provider
Cryptography / Request Hash: SHA256

-> I created a cert from this template on behalf of the user created before, and this cert is available in the user's "Published Certificates" tab

Phone UI settings
For testing I configured the settings directly via the Phone UI (attachment 802.1x_DeviceSettings.png).
  • Here I uploaded the user certificate as device certificate
  • CA cert is our root CA certificate
  • Identity is the MAC address of the phone
  • MD5 pwd is empty

Microsoft NPS

NPS Connection Request Policy
Conditions
User Name regex MAC address
Settings
Authentication: Local Computer
-> this works

NPS Network Policy
Conditions
Nas Port Type = Ethernet
User Groups = AD group that contains specified AD user
Constraints
Authentication Methods = EAP/PEAP (with EAP type "smartcard or certificate")
Certificate for identification: server cert of NPS server

Result
NPS shows the following in the event log (shortened):

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: DOMAIN\123456789012
Account Name: 123456789012
Account Domain: DOMAIN
Fully Qualified Account Name: domain.local/802.1X/Phones/123456789012

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 10-4f-58-97-ba-00
Calling Station Identifier: 12-34-56-78-90-12

Authentication Details:
Connection Request Policy Name: ConReqPolPhone
Network Policy Name: NetPolPhone
Authentication Provider: Windows
Authentication Server: server.domain.local
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 300
Reason: No credentials are available in the security package


I think I missed a simple setting or something like that, but I don't have any idea what else I can try.

I also read the Whitepaper before, but that doesn't help me:
https://support.yealink.com/forward2down...8apeJJtP8=

Regards
Florian


08-08-2023 01:38 PM
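
An added example, not part of the original post and not Yealink or Microsoft code: a parser for NPS denial event text in the format quoted above, with a check that the account name used as identity matches the Calling Station Identifier. The sample event is constructed from the post, and `expected_auth_type` is a hypothetical parameter for the method the administrator intends to see.

```python
import re

# Constructed sample: the denial event quoted in the post, shortened further.
SAMPLE_EVENT = """\
Network Policy Server denied access to a user.
User:
Security ID: DOMAIN\\123456789012
Account Name: 123456789012
Client Machine:
Account Name: -
Calling Station Identifier: 12-34-56-78-90-12
Authentication Details:
Network Policy Name: NetPolPhone
Authentication Type: PEAP
EAP Type: -
Reason Code: 300
Reason: No credentials are available in the security package
"""

def parse_nps_event(text):
    """Return {section: {field: value}}; a bare 'Name:' line opens a section."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"[^:]+:", line):
            current = sections.setdefault(line[:-1], {})
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = None if value == "-" else value  # "-" means not recorded
    return sections

def normalize_mac(value):
    """Strip -, : and . separators; return 12 lowercase hex digits or None."""
    digits = re.sub(r"[-:.]", "", value or "")
    return digits.lower() if re.fullmatch(r"[0-9a-fA-F]{12}", digits) else None

def triage(event, expected_auth_type):
    """Consistency findings for one denial; expected_auth_type is a hypothetical input."""
    auth = event.get("Authentication Details", {})
    findings = []
    if auth.get("Authentication Type") != expected_auth_type:
        findings.append("auth type %s, expected %s" % (auth.get("Authentication Type"), expected_auth_type))
    if auth.get("EAP Type") is None:
        findings.append("EAP Type field is empty")
    identity = normalize_mac(event.get("User", {}).get("Account Name"))
    station = normalize_mac(event.get("Client Machine", {}).get("Calling Station Identifier"))
    if identity is None or identity != station:
        findings.append("identity does not match calling station MAC")
    return findings

if __name__ == "__main__":
    print(triage(parse_nps_event(SAMPLE_EVENT), "PEAP"))
```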