04-11-2003 05:29 AM - edited 07-04-2021 08:38 AM
Hi,
I have succesfully configured PEAP Authentication on Win 2000 Professional (Aironet PCMCIA 350, ACU 6.0). But PEAP Authentification promt for PEAP username and password is launched after login to the Win 2k system via workstation login only. So there is no way to login to Win 2k with network resources during Win 2k startup. How to tell to Win 2000 Pro to launch PEAP Authentication prompt for PEAP username and password before system prompt?
P.S. If I switch to LEAP, then all is running O.K. The first is launched LEAP Authentication dialog, and the second is Win 2k Authentication dialog.
Thanks.
04-11-2003 06:22 AM
Is this a configurable option on the ACU? Within the network security tab, click configure and choose "use windows username and password"? I know it is for LEAP but not sure about PEAP.
04-11-2003 07:54 AM
No, this isn't configurable option on the ACU. For LEAP it is, for PEAP it isn't.
04-30-2003 12:20 AM
I find out that Win 2k Pro PEAP Client - native Microsoft client - tries to authenticate via PEAP as a computer account in MS Domain during windows startup. If I use ACU 6.0 and I have checked option "Authenticate as computer when computer information is available", Win 2k Pro client doesn't try to authenticate as a computer.
04-17-2003 12:02 PM
Usskenet,
I can't get PEAP to work on W2K Server with IAS. Would you be willing to chat with me about your windows setup on your wireless? I am using a 1220 Cisco AP and W2K radius server, ACU 6.0 w/ CB20A adapter...
I can't seem to get a valid certificate. R U using a Cert Authority?
04-22-2003 12:31 AM
Hi,
my config is:
Win2kPro client (with ACU 6.0) -> 350 Sisco AP -> ACS 3.1 -> Novell LDAP Server. I'm using my own certification server based on Novell Netware 6.0. I issued more certificates: 1. ACS Certificate based on CISCO ACS request to CA; 2. CA Certificate for Trusted CA (my own CA), 3. Personal Certificate for ACS like SSL LDAP client; 4. LDAP Server Certificate for Novell LDAP Server.
My problem is to force PEAP Authentication on Win2k Pro client before W2k system auth prompt.
04-21-2003 05:47 AM
I am trying to use PEAP also. Do you know any links to "how to" documents or whitepaper on PEAP implementation? I know a few, but I cannot find all that I need. I am using ACS 3.1, AP1220, MS CA server, various clients.
The few I have found,
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm
http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm
04-24-2003 10:02 AM
I'm having trouble finding the PEAP settings within W2k pro, SP3. I can't find the authentication information under network properties within the control panel. I have reinstalled SP3 and installed "Q313664_W2K_SP4_X86_EN.exe" but I still don't have the EAP information. From what I can tell there is supposed to be an authentication screen under the advanced settings within Network Properties.
Any help would be greatly appreciated.
Thanks.
04-24-2003 10:15 AM
Find service "Wireless Configuration" in Computer Management Services section and setup Automatic Startup and START this servis. You'll finnaly find Authentication section under the advanced setting within Network Properties.
04-24-2003 12:26 PM
Go to services and start the service for wireless configuration, this will enable you to have the Authetication Tab on you LAN properties.
05-02-2003 09:30 AM
Just curious....Did you ever get the PEAP authentication to occur before the Network login?
05-04-2003 12:33 PM
I find in CISCO ACS 3.1 authentication log that Win 2k Pro client tried to authenticate during windows startup by cached credentials - but only native Microsoft PEAP client. It used name of computer as PEAP username. So there wasn't any PEAP authentication dialog for typing username and password. If I installed ACU 6.0 Win 2k Pro client stops this authentication - I didn't find more records in ACS Auth log after.
05-13-2003 04:41 AM
Please nobody from CISCO staff have any idea? Thanks for ANY answer.
05-15-2003 11:23 AM
usskenet,
I found a paper on the net that has a good description of the MS PEAP login process. It discusses the machine login that you described, as well as the user logon process. My reading of his document is that after the windows login, the windows credentials are presented to the radius server, so you wouldn't need another prompt for credentials. This is all theroretical as I don't have any of this set up yet (I'm waiting for WPA). The web reference:
or do a google search for steve +riley +trustworthy +computing +services
to find the pdf file PEAP description. Hope that helps some.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide