Dear friends,
we have a Cisco ACS 4.1 and as long as we worked with EAP-FAST we had no problems. For Security reasons it was decided we switch to PEAP with MS-CHAPv2 for the inner authentication.
We installed a PKI Server Certificate on the ACS Server without any problems and then exported the ACS Radius Server Certificate along with the CA Certificates to the Clients Certificate Store. But the client just does not authenticate against the ACS Server with PEAP as soon as we enable "validate Server Certificate" (with validate Server Certificate disabled it works perfrectly). Can you help us ? Thanks so much. We use the ACS internal Database.