ACS 3.3 PEAP authentication problem

Unanswered Question

Hello,


We're running ACS 3.3 on a Windows 2003 server. We're using this server for Radius and integrating a Windows database.


Our wireless clients use PEAP to authenticate.


Suddenly none of our wireless clients can authenticate throughout our enterprise, which is turning out to be quite a serious problem.


Our configuration hasn't changed. I'm wondering if something happened to our certificate. We're using a self signed certificate that we generated via ACS.


Can I simply issue a new cert via ACS and see what happens?


I'm really in a bind right now.

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (5 ratings)
Loading.
Jagdeep Gambhir Fri, 06/20/2008 - 06:32
User Badges:
  • Red, 2250 points or more

Self sign certs are only valid of one year. Since all wireless users cant connect, I believe that ACS cert has expired.


Please go ahead and install new SSCert.


Regards,

~JG


Do rate helpful posts

Jagdeep Gambhir Fri, 06/20/2008 - 08:42
User Badges:
  • Red, 2250 points or more

Yes, that is all we need to do. It will not effect any other settings.




Regards,

~JG




Hello JG,

You are correct, thanks. Just paranoid, I guess.


In the ACS System Configuration to generate a new self signed cert, I want to make sure I don't need to change the any of the fields that are already entered. It looks like I just need to enter the private key password, and then check the box to "Install generated Certificate", and submit.

Thanks,

John



Jagdeep Gambhir Fri, 06/20/2008 - 14:11
User Badges:
  • Red, 2250 points or more

John,

Please check your group mapping. It may be possible that user is getting mapped to disabled group.


If that is not the issue then we need to see auth.log , that will tell us what is the reason for failure.


Increase the loggin level to full and recreate the issue and see auth.log



Regards,

~JG

Jagdeep Gambhir Mon, 06/23/2008 - 05:12
User Badges:
  • Red, 2250 points or more

John,

I hope installing acs on another server, fixed it.



All the best !



Regards,

~JG


Actions

This Discussion