How could PEAP authentication be successful without a server certificate on the client? I mean it's not installed or auto-enrolled on the client, which is a Windows XP machine with SP2.
I am using an ACS appliance which runs 4.0 and has a self-signed certificate in it.
I believe no one could log in to the network without the certificate on the client, either physically installed or auto-enrolled, but I was able to log in without a certificate. How could this be possible?
For PEAP, the certificate is there for the client to validate that it is connecting to the right server; it is not there to support validating the client TO the server.
Verifying the validity of the server prevents / reduces the chance that someone is executing something like a "Man-in-the-Middle" attack.
If you are trying to verify the client to the server (server validates the client), then you need something like EAP-FAST or EAP-TLS ... EAP-TLS would require a certificate on the client.
Choosing an auth/auth scheme will depend on who/what you are trying to protect, and where you judge the higher risk is most likely to occur.
In this case, the cert required by PEAP is there to protect the client against connecting to a malicious user who is acting as the authentic portal into a networking system (i.e., to steal credentials or information).
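The point of the answer above is that whether the server certificate gets checked at all is a decision made in the client's supplicant configuration, not something the RADIUS/ACS server can enforce. On XP SP2 that is the "Validate server certificate" checkbox in the PEAP properties; on a Linux client the same choice is the presence of `ca_cert` and a server-name match in wpa_supplicant. The following is an added example (not code from the original thread or from Cisco) that parses a small, constructed wpa_supplicant-style config embedded inline and reports PEAP networks that would accept any server certificate. The SSIDs, identities, certificate path and `acs.example.com` name are all made up for the example.

```python
"""Audit wpa_supplicant-style network blocks for PEAP server validation.

Added example: flags PEAP networks that would accept any RADIUS server
certificate (the "client skips server validation" case discussed above).
"""
import re

# Constructed sample config (not from the original post). "lab-weak" validates
# nothing; "lab-good" pins the CA and the expected server name.
SAMPLE_CONFIG = """
network={
    ssid="lab-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="s3cret"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="lab-good"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="s3cret"
    ca_cert="/etc/ssl/certs/acs-root.pem"
    domain_suffix_match="acs.example.com"
    phase2="auth=MSCHAPV2"
}
"""

# Non-greedy match of each network={ ... } block, spanning newlines.
BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)

# wpa_supplicant options that restrict which server certificate is accepted
# beyond "signed by the trusted CA".
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match",
                    "subject_match", "altsubject_match")


def parse_networks(text):
    """Return one dict per network={...} block, mapping key -> unquoted value."""
    networks = []
    for body in BLOCK_RE.findall(text):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            # Split on the first '=' only: values such as "auth=MSCHAPV2"
            # legitimately contain '='.
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip().strip('"')
        networks.append(entry)
    return networks


def audit_peap(network):
    """Return a list of findings for one network block; an empty list means OK."""
    findings = []
    if network.get("eap", "").upper() != "PEAP":
        return findings  # only PEAP blocks are in scope here
    if "ca_cert" not in network:
        findings.append("no ca_cert: any server certificate will be accepted")
    if not any(k in network for k in SERVER_NAME_KEYS):
        findings.append("no server name match: any cert issued by the "
                        "trusted CA (or any CA, if none is pinned) is accepted")
    return findings


def audit_config(text):
    """Map each SSID in the config to its list of PEAP findings."""
    return {n.get("ssid", "?"): audit_peap(n) for n in parse_networks(text)}


if __name__ == "__main__":
    for ssid, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{ssid}: {'OK' if not findings else 'WEAK'}")
        for finding in findings:
            print(f"  - {finding}")
```

Run as-is, the script reports `lab-weak` with two findings and `lab-good` as OK. The same two conditions are what to look for on the Windows side: is server validation enabled at all, and is the trust restricted to the specific root CA (here, the ACS self-signed certificate) rather than every CA in the client's store.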