ACS authentication issue

Oct 23rd, 2009

Guys, we have ACS 4.2 installed... as it was a single point of failure, we have another server now running as a redundant server in a datacentre... all the configs have been done already but the authentication is not being done. The server is getting replication from the primary and there is no problem, but this certificate thing is not installed on ACS... I have tried to look at a few doco... but sorry to say I couldn't find even one doco which tells me how to do that... the problem is that both the servers are running Windows 2003 and they are domain controllers which are not running IIS... and the ACS version is 4.2... I have spent ages but couldn't find the way to do it on Windows 2003 running as a domain controller with ACS 4.2 installed on it... can someone please tell me the way out?

Jatin Katyal Fri, 10/23/2009 - 03:47
User Badges:
  • Cisco Employee,

Hi,


I went through your post. I'm only unsure about one thing: would you like to make the same servers where we have ACS installed certificate authorities, or do you want to install a certificate on ACS for wireless authentication?


Anyways, I'm giving you info about both the options:


==## Configuring your Win 2003 server for an Enterprise Root Certification Authority ##==


http://technet.microsoft.com/en-us/library/cc700804.aspx#XSLTsection123121120120


==## In order to get certificate from CA and get it installed in ACS version 4.2##==


You may go through the attached PDF (CONSISTS OF ACS CERTIFICATE SCREEN SHOTS)

The_guroo_2 Fri, 10/23/2009 - 06:59

Thanks for your email... now the screenshots you have sent are amazing, but as I have mentioned there is no IIS installed so I can't go to the certificate authority home page, point no. 1... second point is I have no idea about this certificate thing, as on the primary ACS when you go to global authentication there is chap2 and m something checked at the very top... even though after replication the box is unchecked... when I try to check the box and submit, it says that the certificate is not installed... now can you please guide me which certificate it's talking about... I am going nuts with this ACS... it's so hard and complex... last time when I did replication it was missing some info, then someone told me that I can check NAP... rather than the other box (which I don't remember). After doing that I got all the groups (actually it's not the groups), it was like domain stuff... both servers are in different datacentres... dude, can you help me out as I am really struggling

Jatin Katyal Fri, 10/23/2009 - 07:40
User Badges:
  • Cisco Employee,

Hi,


Follow this doc to install a self-signed cert. Once you install the cert, then go to System Configuration > Global Authentication Setup > check PEAP MSCHAPv2


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#t14



You don't need IIS for this but if you still want here is the link:


http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/72e9df5a-d35f-4061-a51f-d9e9f6d80c89.mspx?mfr=true


HTH


JK


Please rate the helpful posts.

The_guroo_2 Tue, 10/27/2009 - 22:47

Thanks for your help. Now tell me one thing: in which case do we use a self-signed certificate in ACS, and in which scenario do we use a server to make a certificate and then import it in ACS... I am very confused regarding this concept... the wireless doesn't use any certificate; all ACS is doing in our scenario is authenticating the credentials of wireless (username and password) from a Windows AD 2003 server... here I have to mention again that Windows 2003 is a domain controller... so in this scenario which option should we go for... there is already a server, the primary one, installed... is there any way to check what kind of certificate it is using... I tried my best but couldn't find it... thanks again
