
Windows XP PEAP authentication question

zhenningx
Level 4

This is an EAP MSCHAPv2 properties configuration: automatically use my Windows logon name and password (and domain if any). Has anyone implemented this in production? I tried this option with no luck. It looks like when it is enabled, Windows sends "domain/username" as the username for authentication, and I could not find a way to strip the domain or host name from that. So authentication failed. Thanks for any comments.


Aaron Harrison
VIP Alumni

Hi

What are you using to authenticate your clients?

MS has a webpage that details setting up PEAP/MSCHAP with just MS stuff - IAS etc....

http://www.microsoft.com/technet/security/topics/cryptographyetc/peap_0.mspx

Regards

Aaron

Please rate helpful posts...


b1llydkid
Level 1

You can use realms to strip off the "@domain.com" with a standalone RADIUS server. You should see if you can do this in your implementation.

zhenningx
Level 4

Hi, thanks for the replies.

I am using PEAP/MSCHAPv2 to authenticate clients. When I enabled "automatically use my windows logon name and password (and domain if any)", after the client logs in with username "aaa" and domain name "abc", the WLC controller sends "abc\aaa" as the username to the ACS server for authentication. I can see the RADIUS request packets at the ACS server, but the ACS server just silently ignores them without doing anything. There is no "accept" or "reject" response to this request and no "passed" or "failed" records about this request in RADIUS accounting activities. The WLC always got a timeout error. Any idea about this?

Thanks

See this guide (figure 9 in particular)

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_technical_reference_chapter09186a008025d6ee.html

Have you set the correct settings here?

Aaron

Please rate helpful posts...


Everything is configured ok. I will open a case with TAC and will post the solution here later. Thanks.
