Authentication issue with ACS (PEAP with MS CHAPv2)

Unanswered Question
Aug 10th, 2007
User Badges:

Dear friends,

we have a Cisco ACS 4.1 and as long as we worked with EAP-FAST we had no problems. For Security reasons it was decided we switch to PEAP with MS-CHAPv2 for the inner authentication.

We installed a PKI Server Certificate on the ACS Server without any problems and then exported the ACS Radius Server Certificate along with the CA Certificates to the Clients Certificate Store. But the client just does not authenticate against the ACS Server with PEAP as soon as we enable "validate Server Certificate" (with validate Server Certificate disabled it works perfrectly). Can you help us ? Thanks so much. We use the ACS internal Database.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Fri, 08/10/2007 - 07:16
User Badges:
  • Red, 2250 points or more

If you click validate server cert, then you need to have CA installed on the client.

Since you dont have CA installed that is why its not working.




This Discussion



Trending Topics - Security & Network