Re: EAP-FAST with Manual .pac provisioning AP 1010 w/ ACS

sdoherty · ‎05-11-2006

Hello,

I am able to authenticate with EAP-FAST auto provisioning but I am hesitant to use it due to MITM attacks. I generated a manual .pac file on the ACS for my userid and loaded it on the client no problem. But I am unable to authenticate - no errors in the ACS failed attempts log. Where is the .pac file stored in the ACS and do I have to move it or point to it in some other way so that when I logon with my client it matches up? Thank You

phauck · ‎05-12-2006

There is no PAC file on the ACS to speak of. The PAC file is generated from the parameters within EAP-FAST authentication on ACS.

Typically if you change any of the parameters within ACS you need to generate a new PAC file for the client.

sdoherty · ‎05-12-2006

I generated a manual .pac file using the ACS utility CSUtil. MY ACS version is 3.3 and the file is under the C:\Program Files\CiscoSecure ACS vX.X\Utils and the file is created in the same directory. I did an import of this file ( I copied the file from the ACS to a thumbdrive ) on my Intel PROSet utility for an EAP-Fast profile. BUT when I try and connect I am unable to. I was able to connect when auto-pac is being used but I want to use manual.

kwonza · ‎05-12-2006

If you are using ACS V4.0, it does not support manual PAC provisioning. You have to do automatic.