EAP-FAST with Manual .pac provisioning AP 1010 w/ ACS

Unanswered Question
May 11th, 2006
User Badges:


I am able to authenticate with EAP-FAST auto provisioning but I am hesitant to use it due to MITM attacks. I generated a manual .pac file on the ACS for my userid and loaded it on the client no problem. But I am unable to authenticate - no errors in the ACS failed attempts log. Where is the .pac file stored in the ACS and do I have to move it or point to it in some other way so that when I logon with my client it matches up? Thank You

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
phauck Fri, 05/12/2006 - 02:59
User Badges:

There is no PAC file on the ACS to speak of. The PAC file is generated from the parameters within EAP-FAST authentication on ACS.

Typically if you change any of the parameters within ACS you need to generate a new PAC file for the client.

sdoherty Fri, 05/12/2006 - 10:17
User Badges:

I generated a manual .pac file using the ACS utility CSUtil. MY ACS version is 3.3 and the file is under the C:\Program Files\CiscoSecure ACS vX.X\Utils and the file is created in the same directory. I did an import of this file ( I copied the file from the ACS to a thumbdrive ) on my Intel PROSet utility for an EAP-Fast profile. BUT when I try and connect I am unable to. I was able to connect when auto-pac is being used but I want to use manual.

kwonza Fri, 05/12/2006 - 05:06
User Badges:

If you are using ACS V4.0, it does not support manual PAC provisioning. You have to do automatic.


This Discussion



Trending Topics - Security & Network