ACS authentication issue

The_guroo_2
Level 2

Guys, we have ACS 4.2 installed... as it was a single point of failure we now have another server running as a redundant server in a datacentre... all the configs have already been done but the authentication is not being done. The server is getting replication from the primary and there is no problem, but this certificate thing is not installed on ACS... I have tried to look at a few doco... but sorry to say I couldn't find even one doco which tells me how to do that... the problem is that both the servers are running Windows 2003 and they are domain controllers which are not running IIS... and the ACS version is 4.2... I have spent ages but couldn't find out how to do it on Windows 2003 running as a domain controller with ACS 4.2 installed on it... can someone please tell me the way out?

5 Replies

Jatin Katyal
Cisco Employee

Hi,

I went through your post. I'm only unsure about one thing: would you like to make the same servers where we have ACS installed certificate authorities, or do you want to install a certificate on ACS for wireless authentication?

Anyways, I'm giving you info about both the options:

==## Configuring your Win 2003 server for an Enterprise Root Certification Authority ##==

http://technet.microsoft.com/en-us/library/cc700804.aspx#XSLTsection123121120120

==## In order to get certificate from CA and get it installed in ACS version 4.2 ##==

You may go through the attached PDF (CONSISTS OF ACS CERTIFICATE SCREENSHOTS)

~Jatin

Thanks for your email... now the screenshots you have sent are amazing, but as I have mentioned there is no IIS installed so I can't go to the certificate authority home page, point no 1... second point is I have no idea about this certificate thing, as on the primary ACS when you go to global authentication there is chap2 and m something checked at the very top... even though after replication the box is unchecked... when I tried to check the box and did submit, it says that certificate is not installed... now can you please guide me which certificate it's talking about... I am going nuts with this ACS... it's so hard and complex... last time when I did replication it was missing some info, then someone told me that I can check NAP... rather than the other box (which I don't rem); after doing that I got all the groups (actually it's not the groups), it was like domain stuff... both servers are in different datacentres... dude, can you help me out as I am really struggling

Jatin Katyal
Cisco Employee

Hi,

Follow this doc to install a self-signed cert. Once you install the cert, then go to System Configuration > Global Authentication Setup > check PEAP MSCHAPv2

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#t14

You don't need IIS for this but if you still want here is the link:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/72e9df5a-d35f-4061-a51f-d9e9f6d80c89.mspx?mfr=true

HTH

JK

Plz rate the helpful posts.

~Jatin

Thanks for your help. Now tell me one thing: in which case do we use a self-signed certificate in ACS, and in which scenario do we use a server to make a certificate and then import it into ACS... I am very confused regarding this concept... the wireless doesn't use any certificate; all ACS is doing in our scenario is authenticating the credentials of wireless (username and password) from a Windows AD 2003 server... here I have to mention again that the Windows 2003 server is a domain controller... so in this scenario which option should we go for... there is already a primary server installed... is there any way to check what kind of certificate it is using... I tried my best but couldn't find it... thanks again
