PEAP work without a ... ??

alahmadi_sami
Level 1

Hi all,

I have ACS configured to authenticate wireless users using “Cisco PEAP” with a server certificate and the database from Active Directory.

The problem I’m facing is that the users can be authenticated without installing the server certificate.

Is it normal? Or is there an option in the ACS to reject any authentication request from any user who doesn’t have the certificate installed on his wireless device?

Please respond ASAP, guys.

Thanks a lot

7 Replies

scottmac
Level 10

PEAP only uses a certificate on the ACS side of the connection.

EAP-TLS requires the use of certificates on both Server and Client.

Windows clients, if I'm recalling correctly, have a checkbox in the wireless configuration for whether or not you want the client to verify the server's certificate.

Good Luck

Scott

Thanks for your reply, Scott,

but is there a way to force the Windows client to install the certificate, otherwise he can't log in?

I wanna do this to ensure the client is talking to the right ACS server and encrypt his data.

Then you have to make it over the AD policy, I think, but it's the same with the SSL web sites: you can trust the CA or you can set the browser to trust everything.

Regards, Bernhard

gtwhaley
Level 1

Hi,

PEAP uses a server side certificate, not client. If client certificates are what you desire you may need to look at EAP-TLS or another method. Hope this helps.

g

Thanks, guys, for your support and help,

I know PEAP is a server side certificate; what I want to know is:

Is it possible to reject any authentication request from any client who doesn’t install the server certificate? If Yes, ... How??

I hope it is clear now, guys :)

Waiting for your reply

Any update, guys?

With PEAP, no. Not without an additional component that would check for a client-side cert and reject the authorization.

PEAP does not use or check client side certificates.

Good Luck

Scott
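
Added example, not part of the thread and not Cisco or Microsoft code: since verifying the server's certificate is a setting on the wireless client, one way to find clients that skip it is to audit their wireless profiles, for instance ones exported with `netsh wlan export profile`. The element names are assumed to follow the Windows PEAP profile layout; the two sample profiles, the server name and the CA thumbprint are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples: PEAP section of a Windows WLAN profile, simplified.
# Real exports carry XML namespaces; the audit strips them before matching.
PROFILE_VALIDATING = """<EapType>
  <ServerValidation>
    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
    <ServerNames>acs01.corp.example</ServerNames>
    <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation>true</PerformServerValidation>
  </PeapExtensions>
</EapType>"""

PROFILE_TRUST_ANYTHING = """<EapType>
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames></ServerNames>
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation>false</PerformServerValidation>
  </PeapExtensions>
</EapType>"""


def audit_peap_profile(xml_text):
    """Return a list of findings; an empty list means no weakness was found."""
    settings = {}
    for element in ET.fromstring(xml_text).iter():
        name = element.tag.rsplit("}", 1)[-1]          # drop any namespace
        settings.setdefault(name, (element.text or "").strip())

    findings = []
    if settings.get("PerformServerValidation", "").lower() != "true":
        findings.append("server certificate is not validated")
    if not settings.get("TrustedRootCA"):
        findings.append("no trusted root CA selected")
    if not settings.get("ServerNames"):
        findings.append("no expected server name set")
    if settings.get("DisableUserPromptForServerValidation", "").lower() != "true":
        findings.append("user can accept an unknown server at the prompt")
    return findings


if __name__ == "__main__":
    for label, profile in (("validating", PROFILE_VALIDATING),
                           ("trust-anything", PROFILE_TRUST_ANYTHING)):
        print(label, audit_peap_profile(profile) or "OK")
```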
