12-20-2010 02:38 AM - edited 07-03-2021 07:34 PM
Hello.
I'm using PEAP with Cisco Secure ACS and AD. GPO enables clients to validate server certificate.
How can I deny access to users who do not have "Validate server certificate" checked?
Thanks.
Regards.
Andrea
12-20-2010 02:44 AM
Hello Andrea,
For the validate server certificate option, this can be configured on the client side only.
There is no configuration on ACS to force that, and you have to configure some policy on your Microsoft side (so users can't change this check box :-) ).
Otherwise you can use EAP-TLS, which forces using 2 certificates, one on the client and one on the server (mutual authentication).
Best regards
Talal
===========
Please rate answers that you find useful, and mark as answered - when it is :-) - so others can find it easily.
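An added example, not part of any post in this thread and not Cisco or Microsoft code: since ACS cannot see the client's "Validate server certificate" setting, one way to check it is to audit the PEAP settings in WLAN profiles exported from Windows clients (for instance with `netsh wlan export profile`). The sample XML is a constructed, simplified fragment; the server name and CA thumbprint are placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

def audit_peap_profile(xml_text):
    """Return a list of findings; an empty list means server validation is pinned."""
    settings = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        settings.setdefault(name, []).append((el.text or "").strip())

    def is_true(key):
        return [v.lower() for v in settings.get(key, [])] == ["true"]

    findings = []
    if not is_true("PerformServerValidation"):
        findings.append("server certificate validation is not enabled")
    if not any(settings.get("TrustedRootCA", [])):
        findings.append("no trusted root CA is pinned")
    if not any(settings.get("ServerNames", [])):
        findings.append("no RADIUS server name is pinned")
    if not is_true("DisableUserPromptForServerValidation"):
        findings.append("user can be prompted to trust an unknown server")
    return findings

# Constructed sample input (simplified PEAP section of an exported profile).
V1 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
V2 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
TEMPLATE = f"""<EapType xmlns="{V1}">
  <ServerValidation>
    <DisableUserPromptForServerValidation>{{prompt}}</DisableUserPromptForServerValidation>
    <ServerNames>{{names}}</ServerNames>
    {{ca}}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation xmlns="{V2}">{{validate}}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""

PLACEHOLDER_CA = "<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>"
LOCKED = TEMPLATE.format(prompt="true", names="acs.example.test",
                         ca=PLACEHOLDER_CA, validate="true")
UNCHECKED = TEMPLATE.format(prompt="false", names="", ca="", validate="false")

if __name__ == "__main__":
    for label, profile in (("locked", LOCKED), ("unchecked", UNCHECKED)):
        print(label, audit_peap_profile(profile) or "OK")
```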
12-20-2010 02:54 AM
Many thanks for your help Talal.
I understand that this is not a PEAP issue!
I believe I need to apply a filter on ACS (using a mac-address checked).
Regards.
Andrea
12-20-2010 07:03 AM
Talal is spot on. If you have a small deployment you could consider MAC filtering. However, this does become a big management burden if you have a lot of devices. As mentioned, you can create a policy "locking" the supplicant so that end users cannot change "validate certificate".
12-20-2010 07:40 AM
Good!
Some users make connections using Apple.
I'm going to evaluate filter.
Other ideas?
Regards.
Andrea
12-20-2010 08:40 AM
You can still validate certs with Apple as well. How many clients do you have?