This is not entirely correct. PEAP does require a certificate, but on the server side only. The clients do not require a cert. In EAP-TLS, however, the client does need to verify the server cert. You can GOOGLE your question or try Microsoft's TechNet. There is a good article on setting up PEAP from scratch with Win2k3 server, look on TechNet for it. Also, look at the chart found here:
Hi Scott, i am with you i installed a Cert on our ACS and that bit is fine, what i dont get is does the windows supplicant need a cert installed on the client machine ??cuz the tick for validate certificate is of no use, as the clients can connect with or without it
You are correct in that the certificate is not needed on the client. Just uncheck the "Validate Server..." part. As for it still not working without validating server, have you checked your RADIUS/IAS logs? Are you seeing any logged attempts? In addition, is your AP set up as a RADIUS client under IAS with correct shared secret? You also need to configure your SSID with the following:
Open with EAP
Network with No Addition
Encryption Mandatory WPA
Then, under the encryption manager, for Cipher select TKIP.
Be sure and also define a default EAP server, which is your RADIUS/IAS server. Make certain your shared secret keys are correct.
You can obtain the following document which walks you through a lot of this stuff on a Win2K3 Server at the following address:
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
email@example.com. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...