000012228 - Configuring remote authentication without radius using EAP Client on Windows 7

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012228
Applies ToRSA EAP Client 7.1
RRAS
Windows Vista
Windows 7
Remote Authentication
IssueConfiguring remote authentication without radius using EAP Client on Windows 7
Configuring remote authentication without radius using EAP Client on Vista
Remote Authentication without radius does not work
Error 691 Access denied because username or password, or both, are not valid on the domain.
ResolutionPlease follow the below procedure

On  RRAS Server:

  1. Open Routing and Remote Access.

Start -- > Control Panel -- > Administrative Tools -- > Routing and Remote Access

 

  1. Click on the Remote Access policies in the Routing and Remote Access window.

 

  1. Delete the existing Remote Access policies in the right frame, if any.

 

  1. Right click on Remote Access Policies in the left frame and select New Remote Access policy and click on ?Next? button of wizard.

 

  1. Enter a name in the Policy name text box and click on the ?Next? button.

 

  1. Select VPN/Dial-up based on requirement and click on the ?Next? button.

 

  1. Select User in ?User or Group Access? and click on the ?Next? button.

 

  1. Select EAP method & select ?RSA Security EAP? or ?RSA Security EAP ? Protected OTP? from dropdown list and uncheck all the other methods and click on the ?Next? button.

 

  1. Select ?strongest? encryption and click on the ?Next? button.

 

  1. Click on ?Finish? button to complete the wizard.

 

  1. Now right click on the newly created Remote Access policy and select properties.

 

  1. Remove the previous policy conditions and Click the Add button to open the Select Attribute window.

 

  1. Double click on Day-and-Time Restrictions in the Attribute type and enable the ?Permitted? radio button and click Ok button.

 

  1. Check the ?Grant Remote Access Permission? radio button.

 

  1. Click on the ?Edit Profile? button.

 

  1. In the Edit Profile dialog box, click on the Authentication tab.

 

  1. Select Extensible Authentication Protocol, and clear all other methods. See that ?RSA Security EAP? or ?RSA Security EAP - Protected OTP? will be selected / displayed whichever selected earlier or select whichever EAP method required.

 

  1. Click on the Encryption tab and see that strongest encryption is selected and clear all other encryption options.

 

  1. Click the Advanced tab and in the Attributes section, remove all connection attributes.

 

  1. Click OK and then Finish button to close the RRAS window.

 

  1. Make sure that the newly created policy properly configured in the right frame and then restart the RRAS server.
WorkaroundUser/Group profile is not created on RRAS Server. This is a requirement for remote authentication without radius.
Legacy Article IDa48900

Attachments

    Outcomes