Wireless authentication via PEAP

Unanswered Question
Mar 28th, 2010
User Badges:

Hi all,


I am trying to authenticate my wireless users via the Windows 2003 AD.

I have followed the cisco document closely.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml#t15.


However i am getting some issues on the client side.

Under "Configure the Wireless Network Connection" Step 12


It seems that on my client machine i could not see the TRusted Root Authorities that i created on my CA server.

Isnt it suppose to be autoconfig? Meaning there is no need for a certificate on my client side, no exporting of certificate.


Pardon; my window's knowledge is limited.

PLease advise.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Robert.N.Barrett_2 Mon, 03/29/2010 - 08:10
User Badges:
  • Bronze, 100 points or more

Clients need to trust the certicate used for EAP auth on the ACS server.  That's either something you have to force the clients to do (GPO is handy for Windows / AD).  However, if the ACS certificate came from your Windows AD CA, then the clients only need to trust the root CA (in the Trusted Root Certification Authorities).  If your CA is part of the AD domain, and your clients are part of the AD domain, then this should all be automagic via the Enterprise Trust Store (as you said - no cert exporting/importing required).  You might be able to manually update the Enterprise Trust Store with your CA's certificate.  Google will help you out on that one (one that might help is below):


http://social.technet.microsoft.com/Forums/en/configmgrsum/thread/aa190e0f-3f3d-4062-a461-825130634690

Actions

This Discussion