11-27-2003 05:11 AM - edited 07-04-2021 09:11 AM
Hello,
I am trying to use PEAP in our wireless environment.
Authentication works fine, but only when I'm logged in on the machine (logged in locally).
What I want is for PEAP authentication to run before the
network login so that all our login scripts run.
Environment:
XP Client SP1 with GTC Login and Cisco PCMCIA
XP Client SP1 with MS-CHAP v2 and INTEL MINI PCI
Cisco ACS 3.2
AP 350
AP 1200
Could anyone help me?
11-28-2003 05:50 AM
Hello,
I tried to do the same thing and the only way I found
is to use Odyssey client from Funk Software.
Using its own GINA, Odyssey is able to authenticate
using PEAP after the username and password are entered, but just before the winlogon process.
Hope that helps,
Christian.
11-30-2003 12:50 PM
If you're willing to use Microsoft IAS rather than ACS, you can use its built-in host-based 802.1X authentication between 2k/2k3srv and 2K/XP. For instructions see http://www.missl.cs.umd.edu/Projects/wireless/8021x
- mike
12-02-2003 03:38 AM
Thanks, I tried host-based authentication and it works fine. But the problem is that we use W2K and it doesn't support WPA.
Is there a way to use W2K host-based authentication (via PEAP) with WPA?
12-30-2003 09:02 AM
Did you get host-based authentication using IAS server to work 100% of the time? I have it working but it is totally unreliable. Sometimes it would authenticate and other times it would not. Did you have this problem?
12-26-2003 09:14 AM
Yes, we have implemented the following with success:
Windows Client <==> Access Point <==> FW <==> Radius <==> Windows DC/AD
Windows OS : XP Client SP 1
Supplicant : Built-in Wireless Supplicant
Authentication : 802.1x PEAP (MS-CHAPv2)
Access Point : Aironet 1200
Radius : ACS 3.2
Adaptors : 350 /340
CA : Microsoft
Once configured correctly, five phases of authentication will take place:
1st Authentication ==> Wireless Open/Shared Authentication
(transparent to user - activated by the wireless supplicant automatically)
2nd Authentication ==> 802.1x PEAP "computer account" authentication
(transparent to user - activated by wireless supplicant and enabling "authenticated when computer information")
3rd Authentication ==> "computer logon process" authentication to domain controller/active directory
(transparent to user - activated by Windows 2000 or Windows XP)
4th Authentication ==> "user logon process" authentication to domain controller/active directory
(transparent to user - activated by Windows 2000 or Windows XP)
5th Authentication ==> 802.1x PEAP "domain account" authentication
(transparent to user - activated by wireless supplicant and enabling wireless supplicant for PEAP-use my windows username and password)
- 2nd authentication will enable the computer to have TCP/IP connectivity after 802.1x authenticates.
- 3rd authentication will allow the computer startup/group policies to load from DC/AD.
- 4th authentication will activate the user logon to load from DC/AD.
- Make sure "Authenticate as Computer when computer information is available on the wireless supplicant"
- Search for Microsoft patches using the following keywords: wireless OR PEAP OR 802.1x OR WPA.
Especially those relating to DHCP.
- Use the latest IOS from Cisco.