customer has a wireless solution consisting of a AIR-WLC4402-50-K9 with software 18.104.22.168, several AIR-LAP1131AG-E-K9 Access Points , Cisco ACS 4.0, Windows 2003 Active Directory and a Microsoft CA.
WLC & ACS are configured for PEAP(MS-CHAPv2) plus machine authentication on acs.
on wlan-clients (mostly centrino-notebooks) this security solution configured with windows configuration service works fine...host AND user (both!) must successfully authenticate themselves against acs to gain access.
but with intel wireless proset-software version 11.1 it's enough to successfully authenticate as host OR user (not both!). this looks like a bug and is a really heavy security hole.