PEAP authentication failure with ACS 3.3.1

nuno.santos · ‎09-18-2004

Hi,

whenever i try to authenticate a user through peap, and after installed the certificate and activate peap support, i obtain the following failed attempt message:

EAP-TLS or PEAP authentication failing during SSL handshacke.

Anybody knows how to solve it?

Thanks

Nuno Santos

irisrios · ‎09-27-2004

EAP-TLS authentication using Active Directory fails when Cisco Secure ACS runs on a member server. To perform EAP-TLS authentication using Active Directory as the external user database, Cisco Secure ACS must run on a domain controller.

For additional info:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_release_note09186a00801bfd95.html#1204438

giuseppe.fiorentini · ‎09-27-2004

Hi,

Peap uses mutual authentication by server certificate and client credential. You have the error because you didn't download correctly the server certificate to the client.

Bye

Stefano Furno

5nreeves · ‎12-20-2004

I'm also trying to impliment PEAP with ACS/Safeword Token server. We generated a self signed certificate on the ACS server, This certificate must be installed on our clients? I was under the impression the certificate would be exhanged.

gabor.varga · ‎07-20-2006

Hi!

I received this error message when my client refused accepting the (non public) certificate of the ACS installed on.

I had to set my client not to verify ACS's certificate or to install its certificate in the Windows certificate store.

This solved the problem above.

Good luck!

Gabor