Machine authentication stopped working

Jul 16th, 2010
We succeeded in setting up a Wireless LAN comprising a 4404 Controller, 20 1140 Access Points and an IAS server installed on a Domain Controller.

Each wireless machine with a personal certificate (issued to the computer account) authenticates (PEAP authentication with MS RADIUS Server for 802.1x) prior to the user authentication (using domain credentials). For the past week, machines without a personal certificate have been granted access to the wireless network. We cannot find out what has caused this change. Our aim is to grant access only to machines with a personal certificate.

Please can you help?

leejohns (Cisco Employee) Wed, 07/21/2010 - 07:43


If you are just using PEAP, then all that is required is a certificate on the RADIUS server. The clients would not have to have one in order to successfully authenticate. If you want to have the clients be forced to use certificates, then you are going to have to set up EAP-TLS on your IAS and not allow PEAP.



Robert Mantwani Wed, 07/21/2010 - 08:15

We resolved the issue by re-creating the PEAP policy on another DC running an IAS server with the correct certificate, but we were unable to diagnose the cause of this problem. All OK now, and we are planning to do the same with the previous failed RADIUS server so it can act as a secondary RADIUS server.

To Lee, thanks for your reply. You can still use a computer certificate under PEAP to tighten the control on devices accessing your Wireless LAN. It's a means to prevent any domain computer from being used to access the Wireless LAN.

leejohns (Cisco Employee) Wed, 07/21/2010 - 08:22

That is interesting. Thanks for posting the resolution.


