05-11-2006 10:41 AM - edited 07-04-2021 12:04 PM
Hello,
I am able to authenticate with EAP-FAST auto provisioning but I am hesitant to use it due to MITM attacks. I generated a manual .pac file on the ACS for my userid and loaded it on the client no problem. But I am unable to authenticate - no errors in the ACS failed attempts log. Where is the .pac file stored in the ACS and do I have to move it or point to it in some other way so that when I logon with my client it matches up? Thank You
05-12-2006 02:59 AM
There is no PAC file on the ACS to speak of. The PAC file is generated from the parameters within EAP-FAST authentication on ACS.
Typically if you change any of the parameters within ACS you need to generate a new PAC file for the client.
05-12-2006 10:17 AM
I generated a manual .pac file using the ACS utility CSUtil. MY ACS version is 3.3 and the file is under the C:\Program Files\CiscoSecure ACS vX.X\Utils and the file is created in the same directory. I did an import of this file ( I copied the file from the ACS to a thumbdrive ) on my Intel PROSet utility for an EAP-Fast profile. BUT when I try and connect I am unable to. I was able to connect when auto-pac is being used but I want to use manual.
05-12-2006 05:06 AM
If you are using ACS V4.0, it does not support manual PAC provisioning. You have to do automatic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide