Cisco Support Community
New Member

PEAP work without a ... ??

Hi all,

I have ACS configured to authenticate wireless users using “Cisco PEAP” with server certificate and the database from Active Directory.

The problem I’m facing is the users can be authenticated without installing the server certificate.

Is it normal?? Or is there an option in the ACS to reject any authentication request from any user who doesn’t have the certificate installed in his wireless device??

Please respond ASAP guys.

Thanks a lot

7 REPLIES
Green

Re: PEAP work without a ... ??

PEAP only uses a certificate on the ACS side of the connection.

EAP-TLS requires the use of certificates on both Server and Client.

Windows clients, if I'm recalling correctly, have a checkbox in the wireless configuration for whether or not you want the client to verify the server's certificate.

Good Luck

Scott
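
The client-side checkbox mentioned in the reply above is stored in the Windows WLAN profile, so it can be audited from profiles exported with `netsh wlan export profile`. The Python check below is an added example, not part of the original thread; it matches elements by local name as they appear in Windows PEAP profile XML, and the trimmed profile fragment, server name and CA thumbprint are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the XML namespace so matching works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit_peap_profile(xml_text):
    """Return findings for one exported WLAN profile (empty list = OK)."""
    elems = {}
    for el in ET.fromstring(xml_text).iter():
        elems.setdefault(local(el.tag), []).append((el.text or "").strip().lower())
    # EAP type 25 is PEAP; other methods are out of scope for this check.
    if "25" not in elems.get("Type", []):
        return ["not a PEAP profile"]
    findings = []
    if "true" not in elems.get("PerformServerValidation", []):
        findings.append("server certificate validation is disabled")
    if not any(elems.get("TrustedRootCA", [])):
        findings.append("no trusted root CA selected")
    if not any(elems.get("ServerNames", [])):
        findings.append("no expected server name set")
    if "true" not in elems.get("DisableUserPromptForServerValidation", []):
        findings.append("user may be prompted to trust an unknown server")
    return findings

# Constructed, trimmed fragment of the EAP section of an exported profile.
SAMPLE = """<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
  <Type>25</Type>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
    <ServerValidation>
      <DisableUserPromptForServerValidation>{prompt_off}</DisableUserPromptForServerValidation>
      <ServerNames>{names}</ServerNames>
      <TrustedRootCA>{ca}</TrustedRootCA>
    </ServerValidation>
    <PeapExtensions>
      <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
    </PeapExtensions>
  </EapType>
</Eap>"""

# Constructed values: placeholder server name and CA thumbprint.
HARDENED = SAMPLE.format(prompt_off="true", names="acs.example.com",
                         ca="00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33",
                         validate="true")
WEAK = SAMPLE.format(prompt_off="false", names="", ca="", validate="false")

if __name__ == "__main__":
    for name, profile in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_peap_profile(profile) or "OK")
```
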


New Member

Re: PEAP work without a ... ??

Thanks for your reply Scott,

But is there a way to force the Windows client to install the certificate, otherwise he can't log in?

I wanna do this to ensure the client is talking to the right ACS server and encrypt his data.

Re: PEAP work without a ... ??

Then you have to make it over the AD policy I think, but it's the same with the SSL web sites: you can trust the CA or you can set the browser to trust everything.

regards bernhard

New Member

Re: PEAP work without a ... ??

Hi,

PEAP uses a server side certificate, not client. If client certificates are what you desire you may need to look at EAP-TLS or another method. Hope this helps.

g

New Member

Re: PEAP work without a ... ??

Thanks guys for your support and help,

I know PEAP is a server side certificate, what I want to know is:

Is it possible to reject any authentication request from any client who doesn’t install the server certificate? If Yes, ... How??

I hope it is clear now guys :)

Waiting for your reply

New Member

Re: PEAP work without a ... ??

any update guys?

Green

Re: PEAP work without a ... ??

With PEAP, no. Not without an additional component that would check for a client-side cert and reject the authorization.

PEAP does not use or check client side certificates.

Good Luck

Scott
