https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316989#M20630 <HTML><HEAD></HEAD><BODY><P>Hi Got machine auth working, by using a policy to specify the certificate to the workstations.</P><P>Although the mmc snap-in can also be used.</P><P>Regards</P><P>Colin</P></BODY></HTML> Tue, 22 Mar 2005 18:19:39 GMT colin.lynch 2005-03-22T18:19:39Z https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316986#M20627 <P>Hello,</P><P></P><P>I'm trying to set up machine authentication and at this time I have some problems.</P><P>I have the following configuration:</P><P></P><P>- the users laptop are running WinXP</P><P>- the AP is a 1232</P><P>- ACS 3.3.2</P><P>- external database (Win2000 Active Directory) authentication</P><P></P><P>I set up PEAP and it works well when a user is authenticated. However when I enable machine authentication on the ACS and also on the user laptop, it doesn't work. In the ACS logs I can see that the user has not authenticated due to the machine access restriction.</P><P></P><P>On the Active Directory I changed the Dial In config. for the computers to allow access.</P><P></P><P>Is there anything else that has to be modified in order to perform machine authentication?</P><P></P><P>Hope someone will be able to help me.</P><P></P><P>Thanks in advance.</P><P></P><P>Alex</P> Sun, 04 Jul 2021 17:33:32 GMT https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316986#M20627 alex.alexander 2021-07-04T17:33:32Z https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316987#M20628 <HTML><HEAD></HEAD><BODY><P>Try after disabling peap session resume if it's enabled. </P></BODY></HTML> Fri, 18 Mar 2005 16:50:39 GMT https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316987#M20628 bbaley 2005-03-18T16:50:39Z https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316988#M20629 <HTML><HEAD></HEAD><BODY><P>Hi Alex</P><P>I have had a similar issue, I found that my PEAP users were fine but Machine authentication failed at the SSL handshake. I.E the machine didn't know where the local certificate was. In the meantime to get the policies working I unchecked the "validate server certificate" on the client. And that works, I would assume that the certificate needs to be in a specific default location for the machine authentication to use it, though thats just a guess.</P><P>I am spending the day to get this working and I'll post what I find out.</P><P>Regards</P><P>Colin</P></BODY></HTML> Tue, 22 Mar 2005 09:02:02 GMT https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316988#M20629 colin.lynch 2005-03-22T09:02:02Z https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316989#M20630 <HTML><HEAD></HEAD><BODY><P>Hi Got machine auth working, by using a policy to specify the certificate to the workstations.</P><P>Although the mmc snap-in can also be used.</P><P>Regards</P><P>Colin</P></BODY></HTML> Tue, 22 Mar 2005 18:19:39 GMT https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316989#M20630 colin.lynch 2005-03-22T18:19:39Z https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316990#M20631 <HTML><HEAD></HEAD><BODY><P>I know this is a dumb response, but i got mine working after a bit of trouble....</P><P></P><P>seems just like users you need to map the computer group to a group in ACS...(duh), so i mapped all the "domain computers" ad group into my dot1x group and got the machine authentication working (this was for my 802.1x wired project). It should work for wired and wireless though.</P></BODY></HTML> Wed, 25 May 2005 02:10:28 GMT https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316990#M20631 mhernandez11 2005-05-25T02:10:28Z https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316991#M20632 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I had the same problem. I solved it like this:</P><P>- In ACS go to Windows User Database Configuration</P><P>- "EAP-TLS and PEAP machine authentication name prefix" option, remove "/host" (i.e leave field empty).</P><P>- Check "Enable machine access restrictions"</P><P></P><P>this worked for me.</P><P>regards,</P><P>Eniz</P></BODY></HTML> Wed, 15 Jun 2005 13:25:16 GMT https://community.cisco.com/t5/wireless/peap-machine-authentication-doesn-t-work/m-p/316991#M20632 eerten 2005-06-15T13:25:16Z