cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
515
Views
0
Helpful
3
Replies

EAP-FAST with Manual .pac provisioning AP 1010 w/ ACS

sdoherty
Level 1
Level 1

Hello,

I am able to authenticate with EAP-FAST auto provisioning but I am hesitant to use it due to MITM attacks. I generated a manual .pac file on the ACS for my userid and loaded it on the client no problem. But I am unable to authenticate - no errors in the ACS failed attempts log. Where is the .pac file stored in the ACS and do I have to move it or point to it in some other way so that when I logon with my client it matches up? Thank You

3 Replies 3

phauck
Level 1
Level 1

There is no PAC file on the ACS to speak of. The PAC file is generated from the parameters within EAP-FAST authentication on ACS.

Typically if you change any of the parameters within ACS you need to generate a new PAC file for the client.

I generated a manual .pac file using the ACS utility CSUtil. MY ACS version is 3.3 and the file is under the C:\Program Files\CiscoSecure ACS vX.X\Utils and the file is created in the same directory. I did an import of this file ( I copied the file from the ACS to a thumbdrive ) on my Intel PROSet utility for an EAP-Fast profile. BUT when I try and connect I am unable to. I was able to connect when auto-pac is being used but I want to use manual.

kwonza
Level 1
Level 1

If you are using ACS V4.0, it does not support manual PAC provisioning. You have to do automatic.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: