EAP Messages
This appendix describes EAP-FAST, PEAP-GTC and LEAP error messages and prompts. This appendix also provides guidelines for creating strong passwords.
The following topics are covered in this appendix:
•EAP-FAST Error Messages and Prompts
•PEAP-GTC and LEAP Error Messages and Prompts
•Creating Strong Passwords
EAP-FAST Error Messages and Prompts
Error Message Automatic PAC provisioning is enabled for this profile. However, a
valid PAC that matches the server to which the client adapter is connecting could
not be found. Do you wish to obtain a new security credential (PAC)?
Recommended Action Click Yes to provision a new PAC for this server using your existing credentials or click No to cancel the operation. If you click No, the client adapter will fail the authentication.
Caution
To prevent possible attacks from rogue access points, do not reprovision a PAC unless it is necessary.
Error Message While attempting to provision your PAC during auto-provisioning, the
network access device failed to authenticate itself. This condition might indicate
an attack on your password by a rogue access device. Try again with your current
password?
Recommended Action Click Yes to attempt to reauthenticate with your current password. Click No to cancel the operation.
Note If the authentication attempt fails again, contact your system administrator to report a rogue access device. Use strong passwords in the future to reduce the chance of your password being compromised; see the "Creating Strong Passwords" section for tips on creating strong passwords.
Error Message While attempting to provision your PAC, the network access device timed
out. A timeout might indicate an attack on your password by a rogue access device.
However, a timeout could be caused by a server outage or a faulty connection. Try
again with your current password?
Recommended Action Click Yes to attempt to reauthenticate with your current password. Click No to cancel the operation.
Note If a timeout occurs again, contact your system administrator to report a potential rogue access device. Use strong passwords in the future to reduce the chance of your password being compromised; see the "Creating Strong Passwords" section for tips on creating strong passwords.
Error Message A valid PAC was not found for your username <username>. Click OK.
Re-enter your username in the credential prompt or the User Credentials tab of the
EAP-FAST Properties screen. If you entered your username correctly, go to the
Connection tab of the EAP-FAST Properties screen either to enable automatic PAC
provisioning or Validate server certificate or import a PAC file.
Recommended Action Click OK. Then perform one of the following:
–Re-enter your username.
–If you entered your username correctly, go to the Connection tab of the EAP-FAST Properties screen either to enable automatic PAC provisioning or to import a PAC file.
Error Message The EAP-FAST authentication attempt failed because you entered the
wrong username and password. Please re-enter your username and password.
Recommended Action Click OK. Then re-enter your EAP-FAST credentials when the Enter Wireless Network Password screen appears.
Error Message The EAP-FAST authentication attempt failed because you might have
entered the wrong username and password. Please re-enter your username and
password.
Warning: If you are sure that you have typed in the right username and password, you may have connected to a rogue device. This can indicate an attack on your password. Using a strong password will reduce the chance of your password being compromised. If this failure happens again, contact your system administrator to report a potential rogue access device.
Recommended Action Click OK. Then perform one of the following:
–If you entered your EAP-FAST credentials correctly, contact your system administrator to report a potential rogue access point. Use strong passwords in the future to reduce the chance of your password being compromised. See the "Creating Strong Passwords" section for tips on creating strong passwords.
–If you entered your EAP-FAST credentials incorrectly, re-enter your credentials at the Enter Wireless Network Password screen.
–If the username does not match the provisioned PAC, and automatic provisioning is enabled for this profile, click Yes at the following message: "You do not appear to be registered with the authentication server. Registration requires that this device be initialized with a security credential. Do you wish to obtain a security credential?"
–If the username does not match the provisioned PAC, and manual provisioning is enabled for this profile, go to the Connection tab of the EAP-FAST properties dialog box and either enable automatic PAC provisioning or import a PAC file.
Error Message PAC provisioning has failed. This failure is not related to an issue
with the username and password. This failure is commonly caused by a server
configuration issue. Contact your administrator for assistance.
Recommended Action Contact your system administrator for assistance.
Error Message The PAC that you selected for this profile does not match the server
to which the client is connecting. However, a matching PAC has been found in your
PAC database. Would you like to use this matching credential authority and save
it to the profile?
Recommended Action Click Yes to use the matching PAC and to update the profile with this new PAC, or click No to cancel the operation and to leave the profile as it is. If you click No, the client adapter will be unable to authenticate using the existing profile.
Error Message You entered different values in the New Password field and the Confirm
New Password field. The passwords must be identical. Please try again.
Recommended Action Re-enter your new password in both fields.
Error Message The password that you entered in the Old Password field does not match
the password that you previously used. Please try again.
Recommended Action Re-enter your old password in the Old Password field.
Error Message An error occurred when you attempted to change your EAP-FAST password.
The new password might not conform to the server's password policy. Please try
again.
Recommended Action Re-enter your password in the Change Password screen.
Error Message The EAP-FAST authentication process failed during initialization. Make
sure that EAP-FAST and the Trusted Root Certificate Authority certificate are
installed correctly.
Recommended Action Ensure that EAP-FAST and the Trusted Root Certificate Authority certificate are installed correctly.
Error Message You have connected to a server with the following server name
<server_name>
The server certificate is signed by the following Root Certification Authority (CA):
<root_ca>
This Root CA does not match the specified trusted Root CA(s).
Do you want to accept this connection?
Warning: Connecting to a server signed with untrusted CA might compromise your security.
Recommended Action If you want the client adapter to connect to this server even though doing so might present a security risk, click Yes. Otherwise, click No.
Error Message You have connected to a server with the following server name:
<server_name>
This server name does not match the specified server name(s).
Do you want to accept this connection?
Warning: Connecting to an unsecured server might compromise your security.
Recommended Action If you want the client adapter to connect to this server even though doing so might present a security risk, click Yes. Otherwise, click No.
Error Message Your password has expired. Please enter a new password.
Recommended Action Enter a new password to change the expired password.
Error Message You entered an empty username, which is not allowed.
Recommended Action Enter a username.
Error Message You must select a PAC when using manual PAC provisioning.
Recommended Action You clicked OK on the EAP-FAST Properties screen when automatic provisioning was disabled and no PAC authority was selected. Either enable automatic provisioning or choose a PAC authority from the drop-down list. If the list is empty, import a PAC file.
Error Message Error opening or reading file: <filename>.
Recommended Action Try to import the PAC file again. If the same message appears, obtain a new PAC file from your system administrator and import it again.
Error Message The file is not a valid PAC file: <filename>.
Recommended Action Try to import the PAC file again. If the same message appears, obtain a new PAC file from your system administrator and import it again.
Error Message The file does not contain a valid PAC: <filename>.
Recommended Action Try to import the PAC file again. If the same message appears, obtain a new PAC file from your system administrator and import it using the EAP-FAST Settings screen.
Error Message The file contains a PAC that will replace an existing PAC already
provisioned on your system. Would you like to replace the existing PAC?
Recommended Action Click Yes to replace the existing PAC with the new one from the imported file, or click No to cancel the operation.
Error Message The password you entered to import the PAC file is incorrect. Please
try again.
Recommended Action Try entering your password again.
Error Message The PAC file import operation has been aborted because of three or more
attempts of incorrect passwords.
Recommended Action Press OK to continue.
Error Message An internal error occurred.
Recommended Action An internal error occurred when the PAC was being imported. Try importing the PAC again.
Error Message Insufficient memory or other system error.
Recommended Action Close other programs and free up some more memory.
Error Message You must select "Validate server certificate" or a PAC to use user's
certificate or one-time password for authentication.
Recommended Action One-time password or user certificate is selected as the user credential, but there is no PAC selected or Validate Server Certificate option is not checked. Change the settings.
Error Message You tried to import a PAC file with the same PAC ID as a previously
imported or provisioned PAC. Would you like to replace the existing PAC?
Recommended Action Click Yes to replace the existing PAC with the new one from the imported file, or click No to cancel the operation.
PEAP-GTC and LEAP Error Messages and Prompts
Error Message There is an error in the configuration profile. Please verify the
configuration and save it.
Recommended Action Authentication with this profile fails until the profile is fixed. Contact your network administrator for assistance with fixing the profile.
Error Message No trusted CA(s) selected.
Recommended Action Select at least one trusted CA, or allow the user to authorize new trusted CAs.
Error Message You entered an empty username, which is not allowed.
Recommended Action Enter a username.
Error Message You entered different values in the Password field and the Confirm
password field. The passwords must be identical.
Recommended Action Re-enter your password in both fields.
Error Message You entered different values in the New Password field and the Confirm
New Password field. The passwords must be identical.
Recommended Action Re-enter your password in both fields.
Error Message The password that you entered in the Old password field does not match
the password that was used previously.
Recommended Action Re-enter your old password in the Old password field.
Error Message You have connected to a server with the following server name:
<server-name>
This server name does not match the specified server name(s).
In addition, the server certificate is signed by the following Root Certification Authority (CA):
<ca-name>
This Root CA does not match the specified trusted Root CA(s).
Do you want to accept this connection?
Warning: You might compromise your security if you connect to an unsecured server that is signed by an untrusted Root CA.
Recommended Action If you want to connect to this server even though it may present a security risk, click Yes. Otherwise, click No.
Error Message You have connected to a server with the following server name:
<server-name>
The server certificate is signed by the following Root Certification Authority (CA):
<ca-name>
This Root CA does not match the specified trusted Root CA(s).
Do you want to accept this connection?
Warning: You might compromise your security if you connect to an unsecured server that is signed by an untrusted Root CA.
Recommended Action If you want to connect to this server even though it may present a security risk, click Yes. Otherwise, click No.
Error Message You have connected to a server with the following server name:
<server-name>
This server name does not match the specified server name(s).
Do you want to accept this connection?
Warning: You might compromise your security if you connect to an unsecured server.
Recommended Action If you want to connect to this server even though it may present a security risk, click Yes. Otherwise, click No.
Error Message The operation was canceled by the user.
Recommended Action Contact your network administrator for further assistance.
Error Message The authentication failed because Windows does not have the
authentication method required for this network.
Recommended Action Contact your network administrator for further assistance.
Error Message Windows cannot connect to this network.
The user credentials were rejected by the server.
Recommended Action Contact your network administrator for further assistance.
Error Message Windows cannot connect to this network.
There is a problem with the certificate on the server required for authentication.
Recommended Action Contact your network administrator for further assistance.
Error Message Windows cannot connect to "<network-name>"
Wireless authentication failed.
Recommended Action Contact your network administrator for assistance with the specified network.
Error Message The authentication failed because of unknown reason. The error
condition was reported by cryptographic subsystem.
Recommended Action Contact your network administrator for further assistance.
Error Message The network device failed to authenticate itself.
The failure can indicate an attack on your password.
Recommended Action Use a strong password to reduce the risk of compromising your password. For more information about creating a strong password, see the "Creating Strong Passwords" section. If the authentication attempt fails again, contact your system administrator to report a rogue access device.
Creating Strong Passwords
Never write passwords down, on paper or online. Instead, create passwords that you can remember easily but no one can guess easily. One way to do this is create a password that is based on a song title, affirmation, or other phrase. For example, the phrase could be "This May Be One Way To Remember" and the password could be "TmB1w2R!" or "Tmb1W>r~" or some other variation.
Note Do not use either of those examples as passwords.
Characteristics of Strong Passwords
Strong passwords have the following characteristics:
•Contain both upper and lower case characters (e.g., a-z, A-Z).
•Contain numerals and punctuation as well as letters (e.g., 0-9, !@#$%^&*()_+|~ =\`{}[]:";'<>?,./)
•Are at least five alphanumeric characters long.
•Are not a word in any language.
•Are not slang, dialect, or jargon.
•Are not based on personal information, such as the names of family members.
Characteristics of Weak Passwords
A weak password has the following characteristics:
•Contains fewer than eight characters.
•Is a word found in a dictionary (English or foreign)
•Is any other term that is easily guessed or found in common usage. The following are examples of terms that are easily guessed:
–The name of family, pet, friend, coworker, or fantasy character.
–A computing term or name, such as a command, site, company, model, or application.
–A birthday or another kind of personal information, such as an address or telephone number.
–A predictable letter pattern or number pattern, such as aaabbb, qwerty, zyxwvuts, or 123321.
–Any of the above spelled backwards.
–Any of the above preceded or followed by a digit.
Password Security Basics
Follow these basic guidelines when dealing with passwords:
•Never reveal a password, even to family members.
•Never talk about a password in front of others.
•Never hint at the format of a password (such as "my family name").
•Never use characters from outside the standard ASCII character set. Some symbols, such the pound sterling symbol (£), are known to cause login problems on some systems.