Hi, everyone! I'm rather confused and hoped that someone could help me to make the situation clear.
We want to establish a wi-fi net with WPA2 Enterprise and EAP-TLS for computers and mobile devices (iPhones, Nokia Symbian, Android devices).
The connection is organised in the following way: client---AP 1240---ACS 4.2---AD (Server 2003)
I have 2 testing computers with wi-fi adapters: one is connected to the domain (has a wired connection), another has a local account, and an iPhone. I customized the settings on these computers, the iPhone, the AP and the ACS.
We have our own CA, a 2-tier PKI infrastructure. I have installed the ACS and client certificates on all the devices (by the way, they are 2048 bits in size).
I manage to connect from a computer included in the domain, but the second PC and the iPhone refuse to connect, respectively:
"EAP-TLS or PEAP authentication failed during SSL handshake".
"EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake"
Also I saw in logs that "Machine authentication is not permitted" so the domain PC authenticates through user account and is mapped to a special group.
So I think the reason is that only domain devices are allowed to join the net. How can I change this thing?
Another possibility is that I issued the certificates first to wired domain computers and then exported them to devices not joined to the domain, so they have inappropriate credentials.
Please, if you have any thoughts about the reason for the problem, share them. I would appreciate any help.
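A check for the "unknown CA certificate during SSL handshake" symptom, added here as an example that is not part of the original post: it builds a constructed 2-tier lab PKI (root CA, issuing CA, client certificate) with the openssl CLI and shows that the client certificate only validates when the verifier has both the root and the issuing CA, which is what each supplicant and the ACS need in a 2-tier deployment. It assumes openssl is installed; the CA and client names are made up.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed 2-tier lab PKI:
# root CA -> issuing CA -> client certificate, built with the openssl CLI.
# Demonstrates the chain-validation failure behind "unknown CA certificate":
# a verifier holding only the root, or only the issuing CA, cannot validate
# the client certificate; it needs both tiers.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extension profiles (names below are made up for the lab).
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' > client.ext

# Root CA: self-signed (kept offline in a real 2-tier deployment).
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Lab Root CA" \
  -keyout root.key -out root.csr >/dev/null 2>&1
openssl x509 -req -in root.csr -signkey root.key -days 30 \
  -extfile ca.ext -out root.pem >/dev/null 2>&1

# Issuing CA: signed by the root (the second tier).
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Lab Issuing CA" \
  -keyout sub.key -out sub.csr >/dev/null 2>&1
openssl x509 -req -in sub.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 30 -extfile ca.ext -out sub.pem >/dev/null 2>&1

# Client (supplicant) certificate with the clientAuth EKU that EAP-TLS expects.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=wifi-client" \
  -keyout client.key -out client.csr >/dev/null 2>&1
openssl x509 -req -in client.csr -CA sub.pem -CAkey sub.key -CAcreateserial \
  -days 30 -extfile client.ext -out client.pem >/dev/null 2>&1

# verify_chain TRUSTED [UNTRUSTED]: succeeds only if client.pem chains to a
# self-signed anchor in TRUSTED, optionally using UNTRUSTED as intermediates.
verify_chain() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" client.pem >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" client.pem >/dev/null 2>&1
  fi
}

# Root alone: the client cert's issuer is unknown -> fails.
verify_chain root.pem || echo "root only: unable to get issuer certificate"
# Issuing CA alone: no trusted self-signed anchor -> fails.
verify_chain sub.pem || echo "issuing CA only: no trust anchor"
# Root plus issuing CA: full chain -> OK.
verify_chain root.pem sub.pem && echo "root + issuing CA: client.pem OK"
```

The same check applies to the device side: a supplicant that was handed only the client certificate and the root, without the issuing CA, cannot complete the TLS handshake against the ACS either.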