Cisco Support Community

EAP-TLS wi-fi net for PC and iPhone

Hi, everyone! I'm rather confused and hope that someone can help me clarify the situation.

We want to establish a Wi-Fi network with WPA2 Enterprise and EAP-TLS for computers and mobile devices (iPhones, Nokia Symbian, Android devices).

The connection is organised as follows: client---AP 1240---ACS 4.2---AD (Server 2003)

I have two test computers with Wi-Fi adapters (one is joined to the domain and has a wired connection, the other has a local account) and an iPhone. I customized the settings on these computers, the iPhone, the AP and the ACS.

We have our own CA with a 2-tier PKI infrastructure. I have installed the ACS and client certificates on all the devices (by the way, they are 2048 bits in size).

I managed to connect from the computer joined to the domain, but the second PC and the iPhone refuse to connect, with the following errors respectively:

"EAP-TLS or PEAP authentication failed during SSL handshake".

"EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake"

I also saw in the logs that "Machine authentication is not permitted", so the domain PC authenticates through a user account and is mapped to a special group.

So I think the reason is that only domain devices are allowed to join the network. How can I change this?

Another possibility is that I issue the certificates first to wired domain computers and then export them to devices that are not joined to the domain, so they have inappropriate credentials.

Please share any thoughts you have about the reason for the problem. I would appreciate any help.
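Editor's note, added after the post (this is not the poster's material, a reply, or anything from Cisco ACS documentation): an EAP-TLS peer reports an unknown CA when it cannot build the other side's certificate chain up to a CA it trusts, and with a two-tier PKI the usual cause is that the issuing (intermediate) CA certificate is present on the side that exported the certificate but missing from the trust store on the other side. The script below builds a throw-away two-tier PKI with the openssl CLI and runs the checks worth doing on an exported client certificate before blaming the device: does the leaf verify against the root alone, against root plus intermediate, and against the combined chain file one would import; does it carry the Client Authentication EKU; and does a server-only certificate get rejected for client use. All names (lab-root, lab-issuing, wifi-client, server-only) and the config layout are made up for this lab.

```shell
#!/bin/sh
# Added illustration (editor's code, not from the post): throw-away two-tier
# PKI plus the chain/EKU checks behind an EAP-TLS "unknown CA" failure.
# Names lab-root, lab-issuing, wifi-client and server-only are invented.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal openssl config, one extension section per tier (assumed layout).
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_issuing]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

# issue_leaf NAME SECTION: CSR plus certificate signed by the issuing CA.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" -config ca.cnf >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -CA issuing.pem -CAkey issuing.key \
    -CAcreateserial -days 365 -sha256 -extfile ca.cnf -extensions "$2" \
    -out "$1.pem" >/dev/null 2>&1
}

build_pki() {
  # Tier 1: self-signed root, the only certificate a peer must trust.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=lab-root" -keyout root.key -out root.pem \
    -config ca.cnf -extensions v3_root >/dev/null 2>&1
  # Tier 2: issuing CA signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=lab-issuing" \
    -keyout issuing.key -out issuing.csr -config ca.cnf >/dev/null 2>&1
  openssl x509 -req -in issuing.csr -CA root.pem -CAkey root.key \
    -CAcreateserial -days 1825 -sha256 -extfile ca.cnf -extensions v3_issuing \
    -out issuing.pem >/dev/null 2>&1
  # Leaves: a 2048-bit EAP-TLS client cert and a server-only cert for contrast.
  issue_leaf wifi-client v3_client
  issue_leaf server-only v3_server
}

# verify_chain LEAF TRUSTED [INTERMEDIATES]: prints ok or fail. The exit code
# of "openssl verify" has varied across releases, so key off the ": OK" line.
verify_chain() {
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$2" -untrusted "$3" "$1" 2>&1 || true)
  else
    out=$(openssl verify -CAfile "$2" "$1" 2>&1 || true)
  fi
  case "$out" in *": OK"*) echo ok ;; *) echo fail ;; esac
}

# verify_eap_client LEAF: chain check plus the purpose check a RADIUS server
# applies to a supplicant certificate (must be usable for TLS client auth).
verify_eap_client() {
  out=$(openssl verify -purpose sslclient -CAfile root.pem -untrusted issuing.pem "$1" 2>&1 || true)
  case "$out" in *": OK"*) echo ok ;; *) echo fail ;; esac
}

# has_client_auth_eku LEAF: yes/no, read from the decoded certificate text.
has_client_auth_eku() {
  if openssl x509 -in "$1" -noout -text | grep -q "TLS Web Client Authentication"; then
    echo yes
  else
    echo no
  fi
}

build_pki
cat issuing.pem root.pem > chain.pem   # the bundle to import into a trust store

echo "leaf vs root only (intermediate missing): $(verify_chain wifi-client.pem root.pem)"
echo "leaf vs root + intermediate:              $(verify_chain wifi-client.pem root.pem issuing.pem)"
echo "leaf vs full chain in the trust store:    $(verify_chain wifi-client.pem chain.pem)"
echo "wifi-client has clientAuth EKU:           $(has_client_auth_eku wifi-client.pem)"
echo "wifi-client accepted as EAP client:       $(verify_eap_client wifi-client.pem)"
echo "server-only accepted as EAP client:       $(verify_eap_client server-only.pem)"
```

The first line is the interesting one: the leaf is perfectly valid, yet verification against the root alone fails, which is exactly the situation a device ends up in when it received only the leaf and the root but not the issuing CA certificate. Running the same three verify_chain calls against the real exported client certificate and the real CA certificates, and the EKU check against the certificate the device actually presents, separates a trust-store problem from a wrong-certificate problem before any supplicant or RADIUS settings are touched.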
