02-05-2009 12:02 PM - edited 03-10-2019 04:19 PM
Hello,
I have been trying to configure 802.1x authentication on a test switch. Authentication will be provided by the ACS server. This worked when I had the client set up for EAP-MD5 and had local user accounts on the ACS server. However, this is impractical if we were to deploy this on a large scale. How can I configure 802.1X authentication to occur via the ACS with the ACS looking at the AD database? The trouble is AD does not support EAP-MD5. It supports PEAP, but the problem I am having is "EAP-TLS or PEAP authentication failed during SSL handshake".
Has anyone here set up 802.1x with AD integration via ACS 4.0? Please help.
Thanks.
Karthik
02-06-2009 08:46 AM
Karthik,
With AD we need to use PEAP. The error we are getting is due to the certificate. Please uncheck "Validate server certificate" in the wireless client and try to authenticate.
Regards,
~JG
Do rate helpful posts
02-10-2009 09:17 AM
Hi Karthik,
The SSL handshake will fail in our experience for any of the following reasons:
- The supplicant cannot access the private key corresponding to its certificate - check that the system a/c has permissions over the private key found in c:\documents and settings\all users\application data\microsoft\crypto\rsa\machine keys
- The ACS server does not trust the Root Certificate for the PKI that issued the supplicant's certificate - is the supplicant's Root CA present in the ACS Certificate Trust List?
- CRL checking is enabled and the CRL has expired or is inaccessible
If you up the logging levels to full and examine the csauth log closely, you should get more detail as to the reason.
Hope that helps
Andy
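A local check for two of the causes Andy lists, as an added example that is not part of any post in this thread: it reports whether SYSTEM can read each machine certificate's private key file and what Windows reports for the chain and revocation status. It assumes Windows PowerShell 5.1 run elevated on the supplicant and CSP-backed keys in Cert:\LocalMachine\My; the chain result reflects this machine's trust store, not the ACS Certificate Trust List.

```powershell
# Added example, not from the thread. Run elevated in Windows PowerShell 5.1.
# Assumption: machine certificates are in Cert:\LocalMachine\My with CSP-backed RSA keys.
$keyDirs = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\RSA\MachineKeys"  # older layout, as in the post
) | Where-Object { Test-Path $_ }

# SYSTEM, plus Administrators (a group present in the SYSTEM token).
$trusted = 'S-1-5-18', 'S-1-5-32-544'
$read    = [System.Security.AccessControl.FileSystemRights]::Read

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey) {
    $file = $null
    $keyReadable = $false
    try {
        # Map the certificate to its key container file under MachineKeys.
        $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $file = $keyDirs | ForEach-Object { Join-Path $_ $name } |
                Where-Object { Test-Path $_ } | Select-Object -First 1
        if ($file) {
            # Resolve ACEs to SIDs so the check does not depend on OS language.
            $rules = (Get-Acl $file).GetAccessRules(
                $true, $true, [System.Security.Principal.SecurityIdentifier])
            # Allow ACEs only; Deny ACEs are not evaluated here.
            $keyReadable = [bool]($rules | Where-Object {
                $trusted -contains $_.IdentityReference.Value -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $read) -eq $read })
        }
    } catch {
        $file = "not resolved: $($_.Exception.Message)"   # e.g. CNG key or access denied
    }

    # Build the chain with online revocation checking for every element.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $null = $chain.Build($cert)

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        KeyFile          = $file
        SystemCanReadKey = $keyReadable
        ChainStatus      = ($chain.ChainStatus.Status -join ', ')  # empty when no problem found
    }
}
```

A `ChainStatus` of `UntrustedRoot` points at a missing root CA, and `RevocationStatusUnknown` or `OfflineRevocation` points at an expired or unreachable CRL.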