03-13-2005 07:10 AM - edited 07-04-2021 10:33 AM
Hello,
I'm trying to set up machine authentication and at this time I have some problems.
I have the following configuration:
- the users' laptops are running WinXP
- the AP is a 1232
- ACS 3.3.2
- external database (Win2000 Active Directory) authentication
I set up PEAP and it works well when a user is authenticated. However when I enable machine authentication on the ACS and also on the user laptop, it doesn't work. In the ACS logs I can see that the user has not authenticated due to the machine access restriction.
On the Active Directory I changed the Dial In config. for the computers to allow access.
Is there anything else that has to be modified in order to perform machine authentication?
Hope someone will be able to help me.
Thanks in advance.
Alex
03-18-2005 08:50 AM
Try after disabling PEAP session resume if it's enabled.
03-22-2005 01:02 AM
Hi Alex
I have had a similar issue. I found that my PEAP users were fine but machine authentication failed at the SSL handshake, i.e. the machine didn't know where the local certificate was. In the meantime, to get the policies working, I unchecked the "validate server certificate" option on the client, and that works. I would assume that the certificate needs to be in a specific default location for the machine authentication to use it, though that's just a guess.
I am spending the day to get this working and I'll post what I find out.
Regards
Colin
03-22-2005 10:19 AM
Hi, got machine auth working by using a policy to specify the certificate to the workstations, although the MMC snap-in can also be used.
Regards
Colin
05-24-2005 07:10 PM
I know this is a dumb response, but I got mine working after a bit of trouble...
It seems that, just like users, you need to map the computer group to a group in ACS... (duh), so I mapped all the "domain computers" AD group into my dot1x group and got the machine authentication working (this was for my 802.1x wired project). It should work for wired and wireless though.
06-15-2005 06:25 AM
Hi,
I had the same problem. I solved it like this:
- In ACS go to Windows User Database Configuration
- "EAP-TLS and PEAP machine authentication name prefix" option, remove "/host" (i.e. leave the field empty).
- Check "Enable machine access restrictions"
This worked for me.
Regards,
Eniz