PEAP Authentication before Login

dtrapp
Level 1

Hello,

I am trying to use PEAP in our wireless environment.

Authentication works fine, but only when I am logged in on the machine (logged in locally).

What I want is for PEAP authentication to run before the network login so that all our login scripts run.

Environment:

XP Client SP1 with GTC Login and Cisco PCMCIA

XP Client SP1 with MS-CHAP v2 and INTEL MINI PCI

Cisco ACS 3.2

AP 350

AP 1200

Could anyone help me?

5 Replies

c.fritz
Level 1

Hello,

I tried to do the same thing and the only way I found is to use the Odyssey client from Funk Software.

Using its own GINA, Odyssey is able to authenticate using PEAP after the username and password are entered, but just before the winlogon process.

Hope that helps,

Christian.

verdann
Level 1

If you're willing to use Microsoft IAS rather than ACS, you can use its built-in host-based 802.1X authentication between 2k/2k3srv and 2K/XP. For instructions see http://www.missl.cs.umd.edu/Projects/wireless/8021x

- mike

Thanks, I tried host-based authentication and it works fine. But the problem is that we use W2K and it doesn't support WPA.

Is there a way to use W2K host-based authentication (via PEAP) with WPA?

Did you get host-based authentication using IAS server to work 100% of the time? I have it working but it is totally unreliable. Sometimes it would authenticate and other times it would not. Did you have this problem?

b.tay
Level 1

Yes, we have implemented the following with success :

Windows Client <==> Access Point <==> FW <==> Radius <==> Windows DC/AD

Windows OS : XP Client SP 1

Supplicant : Built-in Wireless Supplicant

Authentication : 802.1x PEAP(MS-Chapv2)

Access Point : Aironet 1200

Radius : ACS 3.2

Adaptors : 350 /340

CA : Microsoft

Once configured correctly, five phases of authentication will take place :

1st Authentication ==> Wireless Open/Shared Authentication

(transparent to user - activated by the wireless supplicant automatically)

2nd Authentication ==> 802.1x PEAP "computer account" authentication

(transparent to user - activated by wireless supplicant and enabling "authenticated when computer information")

3rd Authentication ==> "computer logon process" authentication to domain controller/active directory

(transparent to user - activated by Windows 2000 or Windows XP)

4th Authentication ==> "user logon process" authentication to domain controller/active directory

(transparent to user - activated by Windows 2000 or Windows XP)

5th Authentication ==> 802.1x PEAP "domain account" authentication

(transparent to user - activated by wireless supplicant and enabling wireless supplicant for PEAP-use my windows username and password)

- 2nd authentication will enable the computer to have TCP/IP connectivity after 802.1x authenticates.

- 3rd authentication will allow the computer startup/group policies to load from DC/AD.

- 4th authentication will activate the user logon to load from DC/AD.

- Make sure "Authenticate as Computer when computer information is available on the wireless supplicant"

- Search for Microsoft patches using the following keywords: wireless OR PEAP OR 802.1x OR WPA, especially those relating to DHCP.

- Use the latest IOS from Cisco.
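
An added example, not part of the original thread: one way to confirm from RADIUS authentication records that the computer-account PEAP authentication (the 2nd phase above) passed before the user's (the 5th phase) on each client. The log layout, MAC addresses, and names are constructed for illustration; the `host/` identity prefix is how Windows computer accounts present themselves in 802.1X.

```python
import csv
from io import StringIO

# Constructed sample records (not real ACS output).
# Columns: time, client MAC, identity presented in PEAP, result
SAMPLE_LOG = """\
08:00:01,00-40-96-aa-bb-01,host/pc01.example.local,PASS
08:00:40,00-40-96-aa-bb-01,EXAMPLE\\alice,PASS
08:01:10,00-40-96-aa-bb-02,EXAMPLE\\bob,PASS
08:02:05,00-40-96-aa-bb-03,host/pc03.example.local,FAIL
08:02:50,00-40-96-aa-bb-03,EXAMPLE\\carol,PASS
"""


def is_machine_identity(identity):
    """Computer accounts authenticate as host/<fqdn>; users as DOMAIN\\name."""
    return identity.lower().startswith("host/")


def classify_clients(log_text):
    """Return {mac: status} describing the order of passed authentications.

    machine-then-user: computer account passed first, so the machine had
                       network access before the user logon (scripts can run).
    user-only:         no passed computer authentication preceded the user's,
                       which is the symptom described in the question.
    machine-only:      computer account passed, no user logon seen yet.
    """
    machine_ok = set()
    status = {}
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, mac, identity, result = (field.strip() for field in row)
        if result != "PASS":
            continue  # a failed machine auth must not count as phase 2
        if is_machine_identity(identity):
            machine_ok.add(mac)
            status.setdefault(mac, "machine-only")
        elif mac in machine_ok:
            status[mac] = "machine-then-user"
        else:
            status[mac] = "user-only"
    return status


if __name__ == "__main__":
    for mac, state in sorted(classify_clients(SAMPLE_LOG).items()):
        print(mac, state)
```

Clients reported as `user-only` are the ones to check for the "Authenticate as computer" supplicant setting or a rejected computer account.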
