Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authentication issue with ACS (PEAP with MS CHAPv2)

Dear friends,

we have a Cisco ACS 4.1 and as long as we worked with EAP-FAST we had no problems. For Security reasons it was decided we switch to PEAP with MS-CHAPv2 for the inner authentication.

We installed a PKI Server Certificate on the ACS Server without any problems and then exported the ACS Radius Server Certificate along with the CA Certificates to the Clients Certificate Store. But the client just does not authenticate against the ACS Server with PEAP as soon as we enable "validate Server Certificate" (with validate Server Certificate disabled it works perfrectly). Can you help us ? Thanks so much. We use the ACS internal Database.

1 REPLY

Re: Authentication issue with ACS (PEAP with MS CHAPv2)

If you click validate server cert, then you need to have CA installed on the client.

Since you dont have CA installed that is why its not working.

Regards

~JG

201
Views
0
Helpful
1
Replies