Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1143
Views
0
Helpful
5
Replies

MS-PEAP with handheld devices

jihealis
Level 1
Level 1

‎10-15-2003 08:37 AM - edited ‎07-04-2021 09:05 AM

Has anyone else configured handheld devices to use your wireless network using PEAP, but no certificates? Instead authenticating with username/password/domain.

All of Microsoft's documents say they support PEAP but none say how to configure it.

Labels:
0 Helpful
5 Replies 5

andrew.butterworth
Level 7
Level 7

‎10-17-2003 12:34 PM

I got this working yesterday and it was pretty straight forward, although I did have most of the groundwork in place beforehand.

You need a RADIUS Server - I used the one supplied with Windows 2000 Server (IAS). You also need a certificate Authority to publish certificates; the RADIUS Server needs one as well as each of the handhelds. Again I used the CA supplied with W2K.

There is a good tutorial here:

http://www.missl.cs.umd.edu/Projects/wireless/8021x/

To get the certificate on the PocketPC you need to get hold of the Certificate Enrollment tool from MS. You can either complile it from the SDK or download it from HP's website (software and drivers for iPAQ 5400/5500 for Windows Mobile 2003). The documentation supplied with the tool is a bit ambiguous and you need to make sure either a 'User' or 'Computer' certificate is requested, NOT what it says in the notes.

It all worked pretty much straight away - I had to play around with a few things but nothing too complex. I am using a Cisco 340 AP running VxWorks 12.0(3)T and an iPAQ 5450 running Windows Mobile 2003.

Andy

0 Helpful

cgelnett
Level 1
Level 1
In response to andrew.butterworth

‎06-17-2004 05:09 AM

I just got PEAP running using the ACS and 1200. I was able to test it with a laptop but have not been able to have the iPAQ get the certificate. I keep receiving an error that the template is not correct.

I talk with someone else who was able to make it work but without using the domain, but my site uses the domain to authenticate. I think the iPAQ can not receive the certificate since it is not register yet.

any ideas?

Thanks

0 Helpful

gamccall
Level 4
Level 4

‎06-18-2004 05:59 AM

PEAP does not require client-side certificates, just server certificates. As long as your PDA has the appropriate root certificate installed (just sync it over and click on it, no special tools necessary) you should be able to connect as long as your PEAP is running correctly in the first place.

I had some trouble getting my iPaq connected, but it turned out that the root certificate load that came preinstalled had an obsolete version of the Verisign certificate I needed. Updated that and I was online.

-Gabriel

0 Helpful

cgelnett
Level 1
Level 1
In response to gamccall

‎06-18-2004 06:54 AM

Correct I should of said I can not get the iPAQ to install the root certificate. I receive the error that the template is incorrect.

Thanks

0 Helpful

gamccall
Level 4
Level 4
In response to cgelnett

‎06-18-2004 09:10 AM

Perhaps the root cert file is not in a format your PDA recognizes. Try importing that cert into Internet Explorer on your desktop/laptop, then export the certificate from IE in X.509-DER, and see if the reformatted cert works better for you.

-Gabriel

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card