Cisco Support Community
Community Member

Need help troubleshooting Machine Authentication...

Greetings-

I am having an issue with getting machine authentication to work.

I have:

Windows Server 2003 with AD, certificate services, and IAS installed.

Windows XP client - SP2 with WPA MS fixes. Installed machine cert from CA.

4400 controller with 4.1x code. RADIUS is configured correctly.

When I use PEAP, the client associates.

When I select the "use machine account..." option, I don't see anything happen on the client or server that would indicate that machine authentication was being attempted.

Any ideas where to start? Could this be an issue with certificates on the client?

Thanks!

3 REPLIES
Hall of Fame Super Silver

Re: Need help troubleshooting Machine Authentication...

Read over this and see if this helps you.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

-Scott
*** Please rate helpful posts ***
Community Member

Re: Need help troubleshooting Machine Authentication...

I'd check out TechRepublic's ultimate guide to enterprise wireless LAN security. It has a very good section on using self-signed certs for machine authentication in a Windows environment. I'm assuming you are wanting to do that so you won't have to use cached credentials.

http://i.t.com.com/i/tr/downloads/home/gou_secure-wireless-guide.pdf

Community Member

Re: Need help troubleshooting Machine Authentication...

Thanks, I had seen that doc...

I was using machine certs to authenticate. My problem turned out to be the fact that it is required that one adds two registry entries to make the computer authenticate as required. Below are the DWORD entries. They change the behavior of the supplicant. One tells the system to do machine auth. Without it (on XP SP2), the client will never try to authenticate prior to user logon. The other controls the authentication behavior upon user logon. By default, the client wants to do PEAP once a user logs on.

HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode (

HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode
