Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PEAP authentication during windows startup.

Hi,

I have succesfully configured PEAP Authentication on Win 2000 Professional (Aironet PCMCIA 350, ACU 6.0). But PEAP Authentification promt for PEAP username and password is launched after login to the Win 2k system via workstation login only. So there is no way to login to Win 2k with network resources during Win 2k startup. How to tell to Win 2000 Pro to launch PEAP Authentication prompt for PEAP username and password before system prompt?

P.S. If I switch to LEAP, then all is running O.K. The first is launched LEAP Authentication dialog, and the second is Win 2k Authentication dialog.

Thanks.

13 REPLIES
New Member

Re: PEAP authentication during windows startup.

Is this a configurable option on the ACU? Within the network security tab, click configure and choose "use windows username and password"? I know it is for LEAP but not sure about PEAP.

New Member

Re: PEAP authentication during windows startup.

No, this isn't configurable option on the ACU. For LEAP it is, for PEAP it isn't.

New Member

Re: PEAP authentication during windows startup.

I find out that Win 2k Pro PEAP Client - native Microsoft client - tries to authenticate via PEAP as a computer account in MS Domain during windows startup. If I use ACU 6.0 and I have checked option "Authenticate as computer when computer information is available", Win 2k Pro client doesn't try to authenticate as a computer.

New Member

Re: PEAP authentication during windows startup.

Usskenet,

I can't get PEAP to work on W2K Server with IAS. Would you be willing to chat with me about your windows setup on your wireless? I am using a 1220 Cisco AP and W2K radius server, ACU 6.0 w/ CB20A adapter...

I can't seem to get a valid certificate. R U using a Cert Authority?

New Member

Re: PEAP authentication during windows startup.

Hi,

my config is:

Win2kPro client (with ACU 6.0) -> 350 Sisco AP -> ACS 3.1 -> Novell LDAP Server. I'm using my own certification server based on Novell Netware 6.0. I issued more certificates: 1. ACS Certificate based on CISCO ACS request to CA; 2. CA Certificate for Trusted CA (my own CA), 3. Personal Certificate for ACS like SSL LDAP client; 4. LDAP Server Certificate for Novell LDAP Server.

My problem is to force PEAP Authentication on Win2k Pro client before W2k system auth prompt.

New Member

Re: PEAP authentication during windows startup.

I am trying to use PEAP also. Do you know any links to "how to" documents or whitepaper on PEAP implementation? I know a few, but I cannot find all that I need. I am using ACS 3.1, AP1220, MS CA server, various clients.

The few I have found,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350cards/windows/incfg/win_ch7.htm#38329

http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm

http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm

New Member

Re: PEAP authentication during windows startup.

I'm having trouble finding the PEAP settings within W2k pro, SP3. I can't find the authentication information under network properties within the control panel. I have reinstalled SP3 and installed "Q313664_W2K_SP4_X86_EN.exe" but I still don't have the EAP information. From what I can tell there is supposed to be an authentication screen under the advanced settings within Network Properties.

Any help would be greatly appreciated.

Thanks.

New Member

Re: PEAP authentication during windows startup.

Find service "Wireless Configuration" in Computer Management Services section and setup Automatic Startup and START this servis. You'll finnaly find Authentication section under the advanced setting within Network Properties.

New Member

Re: PEAP authentication during windows startup.

Go to services and start the service for wireless configuration, this will enable you to have the Authetication Tab on you LAN properties.

New Member

Re: PEAP authentication during windows startup.

Just curious....Did you ever get the PEAP authentication to occur before the Network login?

New Member

Re: PEAP authentication during windows startup.

I find in CISCO ACS 3.1 authentication log that Win 2k Pro client tried to authenticate during windows startup by cached credentials - but only native Microsoft PEAP client. It used name of computer as PEAP username. So there wasn't any PEAP authentication dialog for typing username and password. If I installed ACU 6.0 Win 2k Pro client stops this authentication - I didn't find more records in ACS Auth log after.

New Member

Re: PEAP authentication during windows startup.

Please nobody from CISCO staff have any idea? Thanks for ANY answer.

New Member

Re: PEAP authentication during windows startup.

usskenet,

I found a paper on the net that has a good description of the MS PEAP login process. It discusses the machine login that you described, as well as the user logon process. My reading of his document is that after the windows login, the windows credentials are presented to the radius server, so you wouldn't need another prompt for credentials. This is all theroretical as I don't have any of this set up yet (I'm waiting for WPA). The web reference:

http://216.239.33.104/search?q=cache:Ik_cLkgDuIYC:www.blackhat.com/presentations/win-usa-03/bh-win-03-riley-wireless/bh-win-03-riley.pdf+steve+%2Briley+%2Btrustworthy+%2Bcomputing+%2Bservices&hl=en&ie=UTF-8

or do a google search for steve +riley +trustworthy +computing +services

to find the pdf file PEAP description. Hope that helps some.

246
Views
0
Helpful
13
Replies
CreatePlease to create content